Post #235,112
11/19/05 11:48:50 AM
|
Email setup suggestions
I want to set up a replacement inbound email server.
I currently have a qmail based one that is on the inside of a NATted connection. I have a Linksys router on a business DSL line that port forwards 25 to the internal qmail box. It is about 6 years old.
The email box holds email for POP3 access (Outlook client) and for just 1 IMAPD client. So only that one client has any email stored on the server, the rest pull and delete.
So, goals:
Set up a newly installed Linux box. Will reuse an older Dell with mirrored SCSI drives, probably with Kubuntu. Do not want to touch current email box, very fragile, very old.
Set up an inbound email system. I have no recent experience with anything, so I need suggestions and hopefully a link to a cookbook.
Note: I need to be able to lie about the machine's name since the DNS will not really point to it, it'll point to the Linksys router which will port forward to it.
Set up pop3 and imapd daemons.
Migrate the current IMAPD user's email to the new server. All his email is stored in a single file in /var/spool/mail.
Set up an HTTPS webmail environment. This will be new, and is one of the reasons I want the new system.
Future goals:
Set up a spam catching system that can be trained by individual people for their own rules - want no sysadmin overhead.
Set up virus checking - Clam AV, right?
Set up internal forwarding - currently we have a separate outbound server running sendmail. Seems like 1/2 the Outlook clients refused to talk to the qmail box for outbound, and I ran out of time, so I simply set up a sendmail box for outbound only. Would like to get rid of that if possible and consolidate to a single box.
|
Post #235,219
11/20/05 11:46:40 AM
|
sendmail with webmin, for antispam check spews.org
lots of good RBLs there and other interesting items. Use dynablock as that lists all the DHCP boxes that are sending mail, a real MTA usually uses a static IP. thanx, bill
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. That's not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebody's wife" Gus Vitelli
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|
Post #235,230
11/20/05 2:32:06 PM
|
Don't like either
Sendmail for incoming scares me. Too many years of the bug of the week. Configured via webmin means too much black magic for me to not understand. Any RBL list knocks out the single server that someone NEEDS to hear from (yes, I'm generalizing), but that's what seemed to happen every time we turned it on at my office, which in turn made it a high admin overhead.
|
Post #235,231
11/20/05 2:51:07 PM
|
exim + spamassassin
Peter [link|http://www.no2id.net/|Don't Let The Terrorists Win] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home] Use P2P for legitimate purposes!
|
Post #235,232
11/20/05 3:08:13 PM
|
Cookbook?
|
Post #235,279
11/21/05 1:45:01 AM
|
Re: Cookbook?
[link|http://www.google.com/search?client=safari&rls=en-us&q=exim+spamassassin&ie=UTF-8&oe=UTF-8|http://www.google.co...ie=UTF-8&oe=UTF-8]
Top hit first, but others are useful.
Peter [link|http://www.no2id.net/|Don't Let The Terrorists Win] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home] Use P2P for legitimate purposes!
|
Post #235,311
11/21/05 11:21:19 AM
|
You do realize the order on Google changes, don't you?
|
Post #235,313
11/21/05 11:57:58 AM
|
So click it right this minute!
Peter [link|http://www.no2id.net/|Don't Let The Terrorists Win] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home] Use P2P for legitimate purposes!
|
Post #235,316
11/21/05 12:02:20 PM
|
I think even simultaneous queries can give different results
I think that Google's server farms are generally pretty close to being in sync, but they're not in lockstep.
FWIW, clicking on your Google link gives me "about 656,000" pages: [link|http://marc.merlins.org/linux/exim/sa.html|1st], [link|http://maxo.captainnet.net/installs/jaguar/mail-update.html|51st].
Cheers, Scott.
|
Post #235,997
11/25/05 1:50:45 PM
|
exim + ASSP
ASSP is an SMTP proxy server so it can always let the other side know a message has been rejected. All the bounce/double-bounce stuff is eliminated.
Very easy to get going and very effective here* at work. It isn't rules based, so it's light on resources (SpamAssassin brings the same server to its knees easily). The only resource hog is the nightly rebuild of the databases.
* Possible bias: since 99% of spam is some mutation of English, ASSP may be very effective at separating English from Dutch...
|
Post #235,253
11/20/05 10:33:30 PM
|
Courier.
www.courier-mta.org
Native Maildir support (qmail's favourite format). Supplied IMAP and POP3 servers. Webmail module. It is rumoured to have a web-based frontend, but I've always been happy dicking with the files. They are not difficult and come with lots of comments.
Two caveats: 1. The FAQ on the web is a bit out-of-date. Some of the answers suggest hand-patching and recompiling - this is no longer so; there are lots more configuration options now. 2. The author is very brusque in email. Hopefully, you won't need him. :-)
Courier can do lots of lying. It can do lots of clever alias stuff. It knows about ESMTP-MSA; SSL; there are hooks for SpamAssassin, but I find BogoFilter to be better. I've got some very simple rules and a cronjob to keep it trained.
Courier is apt-get-able from within any Debian distro. To configure it, start with man courier and look in /etc/courier, starting with /etc/courierd. For alias and delivery control, do man dot-courier. You will also probably want the following line in /etc/courier/bofh: opt BOFHBADMIME=accept
I've been using Courier for years; drop me a line for further help.
Wade.
"Insert crowbar. Apply force."
|
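For the migration asked about at the top of the thread (one mbox file under /var/spool/mail) onto a Maildir-based server such as Courier, here is an added example that is not part of any post or of Courier itself. It uses Python's standard `mailbox` module and assumes it is run on a copy of the spool file; the file names and sample messages are constructed.

```python
import mailbox
import os
import tempfile

# Constructed sample spool: one read message (Status: RO) and one unread.
SAMPLE_MBOX = (
    b"From alice@example.com Sat Nov 19 11:48:50 2005\n"
    b"From: alice@example.com\nSubject: first\nStatus: RO\n\nread message\n\n"
    b"From bob@example.com Sun Nov 20 09:00:00 2005\n"
    b"From: bob@example.com\nSubject: second\n\nunread message\n\n"
)

def migrate_mbox(mbox_path, maildir_path):
    """Copy every message of an mbox file into a Maildir; the source is only read."""
    old_umask = os.umask(0o077)      # message files must not be group/world readable
    try:
        src = mailbox.mbox(mbox_path, create=False)   # raises if the copy is missing
        dest = mailbox.Maildir(maildir_path, create=True)
        report = {"copied": 0, "seen": 0, "failed": []}
        for key in src.keys():
            try:
                # Conversion maps mbox Status flags to Maildir ones (R -> S, O -> cur/).
                msg = mailbox.MaildirMessage(src.get_message(key))
                dest.add(msg)
            except Exception as exc:  # report the bad message, keep migrating
                report["failed"].append((key, repr(exc)))
                continue
            report["copied"] += 1
            report["seen"] += "S" in msg.get_flags()
        src.close()
        return report
    finally:
        os.umask(old_umask)

def demo():
    """Migrate the constructed sample in a temp dir and describe the result."""
    with tempfile.TemporaryDirectory() as tmp:
        spool = os.path.join(tmp, "user.mbox")
        with open(spool, "wb") as fh:
            fh.write(SAMPLE_MBOX)
        target = os.path.join(tmp, "Maildir")
        report = migrate_mbox(spool, target)
        placed = sorted((m["Subject"], m.get_subdir(), m.get_flags())
                        for m in mailbox.Maildir(target, create=False))
        modes = {os.stat(os.path.join(r, f)).st_mode & 0o777
                 for r, _, files in os.walk(target) for f in files}
        return report, placed, modes

if __name__ == "__main__":
    print(demo())
```

Compare `copied` with the message count the old IMAP client shows before pointing the user at the new server, and look at anything listed under `failed` by hand.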
Post #235,269
11/21/05 12:29:52 AM
|
Thanks. I'll look into it.
|
Post #235,347
11/21/05 2:28:21 PM
|
I don't like the Courier MTA, but
everything else seems to be good, short of the web-interface.
I use the POP and IMAP daemons. They never have problems.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey Freedom is not FREE. Yeah, but 10s of Trillions of US Dollars? SELECT * FROM scog WHERE ethics > 0;
0 rows returned.
|
Post #235,404
11/21/05 7:37:01 PM
|
I have had occasional problems with RFC compliance.
Most notably commercial organisations that neglect to set the 8-bit MIME header when they send 8-bit HTML. Older versions of Courier rejected the email, saying why. Newer versions default to hiving it off to an attachment. This was annoying my wife :-/. Fortunately, you can tell it not to do that.
That's the only problem I've ever had with any of Courier.
In a previous job, we had our own email system and needed the MTA to inject email into the app. PostFix was a bitch to make this happen - it was as though it was deliberately difficult to do. Courier, OTOH, was a walk in the park to do it.
I found Courier back when I was using qmail and needed an IMAP server that understood Maildir. At the time, Courier-IMAP was the only choice. When I did a system upgrade, qmail was Just Too Difficult to set up again (why do I have to patch qmail and why do I have to recompile a system binary to enable relaying?). The system alternative was sendmail - and all my mail was in Maildir format. :-/ By then, the rest of Courier had been released. It was much easier to configure. I've been using it ever since!
Wade.
"Insert crowbar. Apply force."
|
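The header problem described in the post above (8-bit content sent without the MIME headers that declare it) can be measured across stored mail before deciding how strict the server should be. This is an added example, not part of the thread and not Courier's own logic; the sample messages are constructed and the function names are made up for the illustration.

```python
import email
import re

# Constructed samples: Latin-1 HTML sent with no MIME declaration, and the
# same body correctly labelled.
UNDECLARED = (b"From: news@example.com\r\nSubject: offer\r\n"
              b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
              b"<p>caf\xe9</p>\r\n")
DECLARED = (b"From: news@example.com\r\nSubject: offer\r\nMIME-Version: 1.0\r\n"
            b"Content-Type: text/html; charset=iso-8859-1\r\n"
            b"Content-Transfer-Encoding: 8bit\r\n\r\n<p>caf\xe9</p>\r\n")

def eight_bit_findings(raw):
    """Return the reasons a strict MIME check could object to this message."""
    findings = []
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    if any(b >= 0x80 for b in head):
        findings.append("8-bit bytes in header block")
    msg = email.message_from_bytes(raw)
    has_mime = "MIME-Version" in msg
    for part in msg.walk():
        if part.is_multipart():
            continue                      # only leaf parts carry body bytes
        body = part.get_payload()
        if not any(ord(ch) > 127 for ch in body):
            continue                      # pure 7-bit part, nothing to declare
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
        ctype = part.get_content_type()
        if not has_mime:
            findings.append(f"8-bit {ctype} body without MIME-Version")
        if cte not in ("8bit", "binary"):
            findings.append(f"8-bit {ctype} body declared as {cte}")
    return findings

def triage(messages):
    """Map message name -> findings, keeping only messages that have any."""
    return {name: found for name, raw in messages.items()
            if (found := eight_bit_findings(raw))}

if __name__ == "__main__":
    print(triage({"ok": DECLARED, "bad": UNDECLARED}))
```

Running `triage` over a week of real mail shows which legitimate senders a reject policy would hit, which is the trade-off behind the `opt BOFHBADMIME=accept` line mentioned earlier in the thread.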
Post #235,456
11/22/05 1:39:32 AM
|
Courier-IMAP is the mutt's. The MTA, OTOH, is a bit pants.
Peter [link|http://www.no2id.net/|Don't Let The Terrorists Win] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home] Use P2P for legitimate purposes!
|
Post #235,590
11/22/05 8:06:43 PM
|
Oh? How so?
"Insert crowbar. Apply force."
|
Post #235,346
11/21/05 2:26:46 PM
11/28/05 3:13:54 PM
|
I should have sent this to Box.
Here is a very good (definitive) resource for Exim. [link|http://www.jcdigita.com/eximconfig/|EximConfig] (look at the changelogs - back to 2003) Also check out the acknowledgements... some cool stuff there. (BTW, Debian Sarge currently uses Exim 4.50)
Requirements:
- Exim 4.2x or 4.3x mailer preferably with TLS support and either the dl_local_scan patch applied or compiled with SA-Exim replacement local_scan.c
Embedded Perl support is also recommended for unescaping and Base64 decoding message body text, along with MySQL database support if you wish to use the flood protection feature. The exim4-daemon-heavy package distributed with GNU/Debian Linux meets the above requirements.
- (Optional) SpamAssassin for spam scanning of messages.
- (Optional) SA-Exim for SMTP-time spam scanning and rejection using SpamAssassin (Pre-compiled sa-exim.so included)
- (Optional) Exim compiled with Exiscan patch for virus scanning (Such as Debian's exim4-daemon-heavy), plus suitable 3rd party anti-virus software, such as ClamAV.
- (Optional) SPF daemon (spfd) running via socket /tmp/spfd for SPF support. This is available in the Debian's libmail-spf-query-perl package.
- Ideally one or more registered domain names with MX record(s) pointing directly at your Exim host server(s) to allow SMTP-time rejection to work effectively.
EximConfig can also work with indirectly received mail (E.g: Collected using Fetchmail), but will only act as a filter - The spammers will never see the rejections :( )
I am pretty impressed with Boggis. He made everything work together. Now, couple all of this with Courier IMAP(S) and POP3(S), and you gots a solution to hammer on that works and can be managed. Plus you can add in Virtual Domains for exim and support those easily enough with flat files or a DB or something.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey Freedom is not FREE. Yeah, but 10s of Trillions of US Dollars? SELECT * FROM scog WHERE ethics > 0;
0 rows returned.
Edited by folkert
Nov. 28, 2005, 03:13:54 PM EST
|
Post #235,349
11/21/05 2:41:53 PM
|
nope, that's why I suggested sendmail :-)
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. That's not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebody's wife" Gus Vitelli
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|
Post #235,351
11/21/05 3:00:07 PM
|
Dern it...
I pulled that all together for you too. I guess it slipped my mind to actually send it.
Sheeit. Prolly why you went to Bizanga as well?
Dude, you should have mentioned it.
I couldn't conslut away from home these days lately either.
Love to have, but no dice.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey Freedom is not FREE. Yeah, but 10s of Trillions of US Dollars? SELECT * FROM scog WHERE ethics > 0;
0 rows returned.
|
Post #235,366
11/21/05 4:20:29 PM
|
nope
I always present bidness folks with 2 choices and let them make the decision. If you give them only one choice they will decide on another product that you don't like. The choices were biz or sendmail and opensource. Both equally weighted. They chose Biz. My preference was opensource. Being a Sun shop, Sun fully supports sendmail on Solaris 10. I would have gone with ClamAV, SpamAssassin RBLs. thanx, bill
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. That's not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebody's wife" Gus Vitelli
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|
Post #235,380
11/21/05 5:31:03 PM
|
yabut sendmail's a bigbagocack
Anything Sendmail can do, Postfix or Exim can do easier and faster.
Peter [link|http://www.no2id.net/|Don't Let The Terrorists Win] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home] Use P2P for legitimate purposes!
|
Post #235,382
11/21/05 5:36:30 PM
|
Somehow. *grin*
[link|http://www.runningworks.com|] Imric's Tips for Living
- Paranoia Is a Survival Trait
- Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
- Even though everyone is out to get you, it doesn't matter unless you let them win.
|
Nothing is as simple as it seems in the beginning, As hopeless as it seems in the middle, Or as finished as it seems in the end.
|
|
Post #235,384
11/21/05 5:42:22 PM
|
If I steal your webmin, you're doomed, incha?
I can admin the other two with just a text editor...
Peter [link|http://www.no2id.net/|Don't Let The Terrorists Win] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Home] Use P2P for legitimate purposes!
|
Post #235,414
11/21/05 8:38:18 PM
|
Never did find any way to duplicate virtuser functionality.
Part of it, yeah, but not the part I wanted. Webmin was a goal, but not the only one.
[link|http://www.runningworks.com|] Imric's Tips for Living
- Paranoia Is a Survival Trait
- Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
- Even though everyone is out to get you, it doesn't matter unless you let them win.
|
Nothing is as simple as it seems in the beginning, As hopeless as it seems in the middle, Or as finished as it seems in the end.
|
|
Post #235,387
11/21/05 5:50:21 PM
|
don't need webmin, me I wouldn't use it
mail.cf etc is easy to use and configure, I have done it before, could do it again. Webmin although is useful for ops admins who just need to tweak a pre-approved setting in a change control window. I spent several hours in Montreal next to one of the Sendmail developers. Product is stable, mature and supportable by a vendor (Sun). thanx, bill
"the reason people don't buy conspiracy theories is that they think conspiracy means everyone is on the same program. That's not how it works. Everybody has a different program. They just all want the same guy dead. Socrates was a gadfly, but I bet he took time out to screw somebody's wife" Gus Vitelli
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 49 years. meep questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
|