New Email setup suggestions
I want to set up a replacement inbound email server.

I currently have a qmail-based one that is on the inside of a NATted
connection. I have a linksys router on a business DSL line that
port forwards 25 to the internal qmail box. It is about 6 years
old.

The email box holds email for POP3 access (Outlook client) and
for just 1 IMAPD client. So only that one client has any email
stored on the server, the rest pull and delete.

So, goals:

Set up a newly installed Linux box. Will reuse an older Dell with
mirrored SCSI drives, probably with Kubuntu. Do not want to touch
current email box, very fragile, very old.

Set up an inbound email system. I have no recent experience with
anything, so I need suggestions and hopefully a link to a cookbook.

Note: I need to be able to lie about the machine's name since
the DNS will not really point to it, it'll point to the linksys
router which will port forward to it.

Set up pop3 and imapd daemons.

Migrate the current IMAPD user's email to the new server. All
his email is stored in a single file in /var/spool/mail.

Set up an HTTPS webmail environment. This will be new, and is one
of the reasons I want the new system.

Future goals:

Set up spam catching system that can be trained by individual people
for their own rules - want no sysadmin overhead.

Set up virus checking - Clam AV, right?

Set up internal forwarding - currently we have a separate outbound
server running sendmail. Seems like 1/2 the Outlook clients refused
to talk to the qmail box for outbound, and I ran out of time, so I simply
set up a sendmail box for outbound only. Would like to get rid of that
if possible and consolidate to a single box.
New sendmail with webmin, for antispam check spews.org
lots of good rbl's there and other interesting items. Use dynablock as that lists all the dhcp boxes that are sending mail, a real mta usually uses a static ip.
thanx,
bill
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. Thats not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebodies wife" Gus Vitelli

Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
New Don't like either
Sendmail for incoming scares me. Too many years of the bug of the week.
Configured via webmin means too much black magic for me to not understand.
Any RBH list knocks out the single server that someone NEEDS to hear from (yes, I'm generalizing), but that's what seemed to happen every time we turned it on at my office, which in turn made it a high admin overhead.
New exim + spamassassin


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Cookbook?
New Re: Cookbook?
[link|http://www.google.com/search?client=safari&rls=en-us&q=exim+spamassassin&ie=UTF-8&oe=UTF-8|http://www.google.co...ie=UTF-8&oe=UTF-8]

Top hit first, but others are useful.


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New You do realize the order on Google changes, don't you?
New So click it right this minute!


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New I think even simultaneous queries can give different results
I think that Google's server farms are generally pretty close to being in sync, but they're not in lockstep.

FWIW, clicking on your Google link gives me "about 656,000" pages: [link|http://marc.merlins.org/linux/exim/sa.html|1st], [link|http://maxo.captainnet.net/installs/jaguar/mail-update.html|51st].

Cheers,
Scott.
New exim + ASSP
ASSP is an SMTP proxy server so it can always let the other side know a message has been rejected. All the bounce/double-bounce stuff is eliminated.

Very easy to get going and very effective here* at work. It isn't rules based, so it's light on resources (SpamAssassin brings the same server to its knees easily). The only resource hog is the nightly rebuild of the databases.


* Possible bias: since 99% of spam is some mutation of English, ASSP may be very effective at separating English from Dutch...
New Courier.
www.courier-mta.org

Native Maildir support (qmail's favourite format). Supplied IMAP and POP3 servers. Webmail module. It is rumoured to have a web-based frontend, but I've always been happy dicking with the files. They are not difficult and come with lots of comments.

Two caveats: 1. The FAQ on the web is a bit out-of-date. Some of the answers suggest hand-patching and recompiling - this is no longer so; there are lots more configuration options now. 2. The author is very brusque in email. Hopefully, you won't need him. :-)

Courier can do lots of lying. It can do lots of clever alias stuff. It knows about ESMTP-MSA; SSL; there are hooks for SpamAssassin, but I find BogoFilter to be better. I've got some very simple rules and a cronjob to keep it trained.

Courier is apt-get-able from within any Debian distro. To configure it, start with man courier and look in /etc/courier, starting with /etc/courierd. For alias and delivery control, do man dot-courier. You will also probably want the following line in /etc/courier/bofh: opt BOFHBADMIME=accept

I've been using Courier for years; drop me a line for further help.

Wade.
"Insert crowbar. Apply force."
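For the migration goal in the original post (one user's mail held in a single mbox file under /var/spool/mail) onto a Maildir-based server such as the Courier setup described above, here is an added example that is not from any poster in this thread. It uses Python's standard `mailbox` module; the sample messages, addresses and paths are constructed, and it assumes you run it against a copy of the spool file.

```python
import mailbox
import os
import tempfile

# Constructed sample data: two messages in mbox format, the first already read.
SAMPLE_MBOX = (
    "From alice@example.org Mon Nov 28 15:13:54 2005\n"
    "From: alice@example.org\n"
    "Subject: already read\n"
    "Message-ID: <1@example.org>\n"
    "Status: RO\n"
    "\n"
    "first body\n"
    "\n"
    "From carol@example.org Mon Nov 28 16:00:00 2005\n"
    "From: carol@example.org\n"
    "Subject: unread\n"
    "Message-ID: <2@example.org>\n"
    "\n"
    "second body\n"
)

def migrate(mbox_path, maildir_path):
    """Copy an mbox file into a fresh Maildir; return {Message-ID: (subdir, flags)}."""
    src = mailbox.mbox(mbox_path, create=False)       # a copy of the spool file
    dst = mailbox.Maildir(maildir_path, create=True)  # created with mode 0700
    result = {}
    for msg in src:
        # The conversion maps mbox Status flags to Maildir ones:
        # R becomes S (seen), O files the message under cur/ instead of new/.
        key = dst.add(mailbox.MaildirMessage(msg))
        stored = dst[key]
        result[stored["Message-ID"]] = (stored.get_subdir(), stored.get_flags())
    # Do not report success unless every source message arrived.
    if len(dst) != len(src):
        raise RuntimeError("message count mismatch after migration")
    src.close()
    return result

def demo():
    """Write the constructed mbox to a temp directory and migrate it."""
    workdir = tempfile.mkdtemp()
    spool = os.path.join(workdir, "user.mbox")
    with open(spool, "w", newline="\n") as fh:
        fh.write(SAMPLE_MBOX)
    return migrate(spool, os.path.join(workdir, "Maildir"))

if __name__ == "__main__":
    for mid, (subdir, flags) in demo().items():
        print(mid, subdir, flags or "-")
```

Because read state carries over, the IMAP client does not see the whole mailbox as unread after the switch.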
New Thanks. I'll look into it.
New I don't like the Courier MTA, but
everything else seems to be good, short of the web-interface.

I use the POP and IMAP daemons. They never have problems.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New I have had occasional problems with RFC compliance.
Most notably commercial organisations that neglect to set the 8-bit MIME header when they send 8-bit HTML. Older versions of Courier rejected the email, saying why. Newer versions default to hiving it off to an attachment. This was annoying my wife :-/. Fortunately, you can tell it not to do that.

That's the only problem I've ever had with any of Courier.

In a previous job, we had our own email system and needed the MTA to inject email into the app. PostFix was a bitch to make this happen - it was as though it was deliberately difficult to do. Courier, OTOH, was a walk in the park to do it.

I found Courier back when I was using qmail and needed an IMAP server that understood Maildir. At the time, Courier-IMAP was the only choice. When I did a system upgrade, qmail was Just Too Difficult to set up again (why do I have to patch qmail and why do I have to recompile a system binary to enable relaying?). The system alternative was sendmail - and all my mail was in Maildir format. :-/ By then, the rest of Courier had been released. It was much easier to configure. I've been using it ever since!

Wade.
"Insert crowbar. Apply force."
New Courier-IMAP is the mutt's. The MTA, OTOH, is a bit pants.


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Oh? How so?
"Insert crowbar. Apply force."
New I should have sent this to Box.
Here is a very good (definitive) resource for Exim. [link|http://www.jcdigita.com/eximconfig/|EximConfig] (look at the changelogs - back to 2003) Also check out the acknowledgements... some cool stuff there. (BTW, Debian Sarge Currently uses Exim 4.50)

Requirements:
  • Exim 4.2x or 4.3x mailer preferably with TLS support and either the dl_local_scan patch applied or compiled with SA-Exim replacement local_scan.c
    Embedded Perl support is also recommended for unescaping and Base64 decoding message body text, along with MySQL database support if you wish to use the flood protection feature.
    The exim4-daemon-heavy package distributed with GNU/Debian Linux meets the above requirements.
  • (Optional) SpamAssassin for spam scanning of messages.
  • (Optional) SA-Exim for SMTP-time spam scanning and rejection using SpamAssassin (Pre-compiled sa-exim.so included)
  • (Optional) Exim compiled with Exiscan patch for virus scanning (Such as Debian's exim4-daemon-heavy), plus suitable 3rd party anti-virus software, such as ClamAV.
  • (Optional) SPF daemon (spfd) running via socket /tmp/spfd for SPF support. This is available in the Debian's libmail-spf-query-perl package.
  • Ideally one or more registered domain names with MX record(s) pointing directly at your Exim host server(s) to allow SMTP-time rejection to work effectively.
    EximConfig can also work with indirectly received mail (E.g: Collected using Fetchmail), but will only act as a filter - The spammers will never see the rejections :( )


I am pretty impressed with Boggis. He made everything work together. Now, couple all of this with Courier IMAP(S) and POP3(S), and you gots a solution to hammer on that works and can be managed. Plus you can add in Virtual Domains for exim and support those easily enough with flat files or a DB or something.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
Edited by folkert Nov. 28, 2005, 03:13:54 PM EST
New nope, that's why I suggested sendmail :-)
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. Thats not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebodies wife" Gus Vitelli

Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
New Dern it...
I pulled that all together for you too. I guess it slipped my mind to actually send it.

Sheeit. Prolly why you went to Bizanga as well?

Dude, you should have mentioned it.

I couldn't conslut away from home these days lately either.

Love to have, but no dice.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
New nope
I always present bidness folks with 2 choices and let them make the decision. If you give them only one choice they will decide on another product that you don't like. The choices were biz or sendmail and opensource. Both equally weighted. They chose Biz. My preference was opensource. Being a Sun shop, Sun fully supports sendmail on Solaris 10. I would have gone with ClamAV, SpamAssassin rbls.
thanx,
bill
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. Thats not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebodies wife" Gus Vitelli

Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
New yabut sendmail's a bigbagocack
Anything Sendmail can do, Postfix or Exim can do easier and faster.


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Somehow. *grin*
[link|http://www.runningworks.com|]
Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New If I steal your webmin, you're doomed, incha?
I can admin the other two with just a text editor...


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Never did find any way to duplicate virtuser functionality.
Part of it, yeah, but not the part I wanted. Webmin was a goal, but not the only one.
[link|http://www.runningworks.com|]
Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New don't need webmin, me I wouldn't use it
mail.cf etc is easy to use and configure, I have done it before, could do it again. Webmin although is useful for ops admins who just need to tweak a pre-approved setting in a change control window. I spent several hours in Montreal next to one of the Sendmail developers. Product is stable, mature and Supportable by a vendor (Sun).
thanx,
bill
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. Thats not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebodies wife" Gus Vitelli

Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
     Email setup suggestions - (broomberg) - (24)
         sendmail with webmin, for antispam check spews.org - (boxley) - (8)
             Don't like either - (broomberg) - (7)
                 exim + spamassassin -NT - (pwhysall) - (5)
                     Cookbook? -NT - (broomberg) - (4)
                         Re: Cookbook? - (pwhysall) - (3)
                             You do realize the order on Google changes, don't you? -NT - (broomberg) - (2)
                                 So click it right this minute! -NT - (pwhysall) - (1)
                                     I think even simultaneous queries can give different results - (Another Scott)
                 exim + ASSP - (scoenye)
         Courier. - (static) - (5)
             Thanks. I'll look into it. -NT - (broomberg)
             I don't like the Courier MTA, but - (folkert) - (3)
                 I have had occasional problems with RFC compliance. - (static) - (2)
                     Courier-IMAP is the mutt's. The MTA, OTOH, is a bit pants. -NT - (pwhysall) - (1)
                         Oh? How so? -NT - (static)
         I should have sent this to Box. - (folkert) - (8)
             nope, that's why I suggested sendmail :-) -NT - (boxley) - (7)
                 Dern it... - (folkert) - (1)
                     nope - (boxley)
                 yabut sendmail's a bigbagocack - (pwhysall) - (4)
                     Somehow. *grin* -NT - (imric) - (2)
                         If I steal your webmin, you're doomed, incha? - (pwhysall) - (1)
                             Never did find any way to duplicate virtuser functionality. - (imric)
                     don't need webmin, me I wouldn't use it - (boxley)