Date: Mon, 12 Apr 2004 22:27:45 -0400 From: Chris Shenton <chris@shenton.org> To: Cody Baker <cody@wilkshire.net> Cc: freebsd-isp@freebsd.org Subject: Re: mail server recommendations? Message-ID: <86k70kd332.fsf@PECTOPAH.shenton.org> In-Reply-To: <407B3285.4060006@wilkshire.net> (Cody Baker's message of "Mon, 12 Apr 2004 20:21:25 -0400") References: <407B1A06.4010308@telcom.net> <407B3285.4060006@wilkshire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Cody Baker <cody@wilkshire.net> writes: > I put my personal recommendation in to qmail. I have 10 + servers > running qmail, some with 3000+ users. We use vpopmail for a mysql > based single UID/GID solution. For POP3 access we're using the > integrated qmail-pop3d, and courier-IMAP for IMAP. Virus scanning / > MIME-magic is done via qmail-scanner and clamscan. I'm deploying a system for a client using qmail-ldap, openldap, and courier-imap. I plan on using sqwebmail for webmail. I've got STARTTLS on SMTP and IMAP, and also offer SMTPS, IMAPS, and POPS. Nice thing about this architecture is that you can have a handful of MTA/IMAP/POP boxes all delivering to a shared NFS-mounted backend mailstore -- very robust. I've also installed a qmail + vpopmail-based system for an ISP and it's been rock solid. I didn't need to use MySQL for this but could have -- or probably even LDAP for user accounts. I use the qmail smtpd viruscan patch http://www.qmail.org/qmail-smtpd-viruscan-1.3.patch to block all MS executables and have seen a dramatic drop in virii. Simple: if an an attachment's first line looks like a base-64-encoded version of an MS executable, it's rejected; doesn't rely on signatures, or purported suffixes, or forged mime-types, etc. I haven't done anything but looking at antispam solutions. Currently looking at DSPAM and CRM114 as they seem to be quite effective (10x human accuracy, they both claim). But I haven't yet done anything serious about integrating them, and haven't worried per-user configuration, quarantining, etc. I'd be interested what others have used successfully. Be careful if you're using SMTP AUTH, STARTTLS, or SMTPS and want to use an external anti-spam/virus product: I haven't found an antispam vendor yet that supports this, tho a couple have it in the works. If you integrate directly on your MTA boxes, it should be less difficult -- once you figure out how to integrate them :-) > I am particularly fond of qmail because once it's setup it's very > easy to use, and is ROCK solid. Absolutely. Nice not to worry about the frequent sendmail or less frequent postfix security fixes. "It just works". Not trying to evangelize here, just switched from sendmail years ago and won't go back. Learning curve's a little steep, all the daemontools and ucspi-tcp helper stuff but they do work better than the common equivalents (syslog, inetd, etc).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k70kd332.fsf>