From owner-freebsd-isp@FreeBSD.ORG Mon Apr 12 19:27:47 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 87EDC16A4CE for ; Mon, 12 Apr 2004 19:27:47 -0700 (PDT) Received: from Shenton.org (23.ebbed1.client.atlantech.net [209.190.235.35]) by mx1.FreeBSD.org (Postfix) with SMTP id 7EA0543D1F for ; Mon, 12 Apr 2004 19:27:46 -0700 (PDT) (envelope-from chris@Shenton.Org) Received: (qmail 10172 invoked by uid 1001); 13 Apr 2004 02:27:45 -0000 To: Cody Baker References: <407B1A06.4010308@telcom.net> <407B3285.4060006@wilkshire.net> From: Chris Shenton Date: Mon, 12 Apr 2004 22:27:45 -0400 In-Reply-To: <407B3285.4060006@wilkshire.net> (Cody Baker's message of "Mon, 12 Apr 2004 20:21:25 -0400") Message-ID: <86k70kd332.fsf@PECTOPAH.shenton.org> User-Agent: Gnus/5.110002 (No Gnus v0.2) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-isp@freebsd.org Subject: Re: mail server recommendations? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2004 02:27:47 -0000 Cody Baker writes: > I put my personal recommendation in to qmail. I have 10 + servers > running qmail, some with 3000+ users. We use vpopmail for a mysql > based single UID/GID solution. For POP3 access we're using the > integrated qmail-pop3d, and courier-IMAP for IMAP. Virus scanning / > MIME-magic is done via qmail-scanner and clamscan. I'm deploying a system for a client using qmail-ldap, openldap, and courier-imap. I plan on using sqwebmail for webmail. I've got STARTTLS on SMTP and IMAP, and also offer SMTPS, IMAPS, and POPS. Nice thing about this architecture is that you can have a handful of MTA/IMAP/POP boxes all delivering to a shared NFS-mounted backend mailstore -- very robust. I've also installed a qmail + vpopmail-based system for an ISP and it's been rock solid. I didn't need to use MySQL for this but could have -- or probably even LDAP for user accounts. I use the qmail smtpd viruscan patch http://www.qmail.org/qmail-smtpd-viruscan-1.3.patch to block all MS executables and have seen a dramatic drop in virii. Simple: if an an attachment's first line looks like a base-64-encoded version of an MS executable, it's rejected; doesn't rely on signatures, or purported suffixes, or forged mime-types, etc. I haven't done anything but looking at antispam solutions. Currently looking at DSPAM and CRM114 as they seem to be quite effective (10x human accuracy, they both claim). But I haven't yet done anything serious about integrating them, and haven't worried per-user configuration, quarantining, etc. I'd be interested what others have used successfully. Be careful if you're using SMTP AUTH, STARTTLS, or SMTPS and want to use an external anti-spam/virus product: I haven't found an antispam vendor yet that supports this, tho a couple have it in the works. If you integrate directly on your MTA boxes, it should be less difficult -- once you figure out how to integrate them :-) > I am particularly fond of qmail because once it's setup it's very > easy to use, and is ROCK solid. Absolutely. Nice not to worry about the frequent sendmail or less frequent postfix security fixes. "It just works". Not trying to evangelize here, just switched from sendmail years ago and won't go back. Learning curve's a little steep, all the daemontools and ucspi-tcp helper stuff but they do work better than the common equivalents (syslog, inetd, etc).