1 |
Jeremy Kitchen wrote: |
2 |
|
3 |
>>Should I use qmail or postfix and why? |
4 |
> |
5 |
> |
6 |
> qmail. It's faster, more secure, and easier to use than postfix, and |
7 |
> you're not losing sleep at night wondering if a new version is going to |
8 |
> be out the next day. You can patch in almost any feature you'd want, |
9 |
> most of the patches are well made, and the support (both free, and |
10 |
> commercial ;) community for qmail is excellent. |
11 |
> |
12 |
> qmail is completely secure by design, and has a spotless security |
13 |
> history. |
14 |
|
15 |
I'm with Jeremy on this one. qmail is the way to go, but for the |
16 |
scalability you're talking about, qmail-ldap is the ticket. You can |
17 |
define all users, user attributes such as forwarding addresses, |
18 |
alternate addresses (aliases), quotas, vacation messages, mailstore |
19 |
servers, and more natively in the ldap schema. Native clustering support |
20 |
using qmail-qmpd and some enhanced clustering capabilities are available |
21 |
as well. Virtual domain support, etc. |
22 |
|
23 |
Someone mentioned that qmail does not bounce during the SMTP |
24 |
conversation. True for stock qmail, but qmail-ldap has some features you |
25 |
can turn on that prevent this situation (attempts to deliver to badly |
26 |
formatted addresses, non-existent users, etc.) RBL support is compiled |
27 |
in for a little more spam protection. All in all the integration is |
28 |
fantastic and works like a charm on huge scales. One other thing: pop3 |
29 |
and/or imap authentication can plug in to the qmail-ldap authentication |
30 |
modules seamlessly. No more trying to use Courier's ldap auth module or |
31 |
maintain a seperate user database, for example. Administration: find |
32 |
your favorite LDAP administration tool or use the qmail-ldap one out there. |
33 |
|
34 |
>>What about antispam and antivirus? Any suggestions/experiences? |
35 |
> |
36 |
> |
37 |
> very common configuration is spamassassin/clamav/qmail-scanner. I do |
38 |
> not recommend doing content filtering as messages are passing into the |
39 |
> queue, only virus scanning. |
40 |
|
41 |
I currently use this exact setup. qmail-scanner is a very clean |
42 |
filtering interface and qmail-ldap supports the QMAILQUEUE patch |
43 |
natively so you'd be set. I've got spamassassin configured just to tag a |
44 |
low-footprint header on spam detection - never rejecting or deleting |
45 |
mail. Clamav is a good active project and has been able to detect every |
46 |
new virus we've had a concern about. Technically, you could go with |
47 |
another alternate (shudder: commercial) AV vendor, but it's becoming |
48 |
less and less advantageous as time goes on. |
49 |
|
50 |
You may be able to offset the load imposed by content filtering by |
51 |
accepting all messages on a front end box to ensure delivery, and then |
52 |
filter on an smtp-route behind that. Your load should not put you past |
53 |
the point where you would start to drop messages due to filtering |
54 |
processing in this case. |
55 |
|
56 |
>>I have some experience using squirrel web mail. Any suggestions here? |
57 |
> |
58 |
> |
59 |
> squirrelmail and horde are both excellent. |
60 |
|
61 |
Agreed. Another option is omail-webmail which bypasses the IMAP |
62 |
connection to the server and does direct Maildir access: faster message |
63 |
access, less load on the server due to IMAP resources, but less |
64 |
features. It still provides a clean interface. I'm trying to get the |
65 |
omail-webmail developer to build a qmail-ldap auth module to accomplish |
66 |
the same thing as above. |
67 |
|
68 |
DS |