| 1 |
Jeremy Kitchen wrote: |
| 2 |
|
| 3 |
>>Should I use qmail or postfix and why? |
| 4 |
> |
| 5 |
> |
| 6 |
> qmail. It's faster, more secure, and easier to use than postfix, and |
| 7 |
> you're not losing sleep at night wondering if a new version is going to |
| 8 |
> be out the next day. You can patch in almost any feature you'd want, |
| 9 |
> most of the patches are well made, and the support (both free, and |
| 10 |
> commercial ;) community for qmail is excellent. |
| 11 |
> |
| 12 |
> qmail is completely secure by design, and has a spotless security |
| 13 |
> history. |
| 14 |
|
| 15 |
I'm with Jeremy on this one. qmail is the way to go, but for the |
| 16 |
scalability you're talking about, qmail-ldap is the ticket. You can |
| 17 |
define all users, user attributes such as forwarding addresses, |
| 18 |
alternate addresses (aliases), quotas, vacation messages, mailstore |
| 19 |
servers, and more natively in the ldap schema. Native clustering support |
| 20 |
using qmail-qmpd and some enhanced clustering capabilities are available |
| 21 |
as well. Virtual domain support, etc. |
| 22 |
|
| 23 |
Someone mentioned that qmail does not bounce during the SMTP |
| 24 |
conversation. True for stock qmail, but qmail-ldap has some features you |
| 25 |
can turn on that prevent this situation (attempts to deliver to badly |
| 26 |
formatted addresses, non-existent users, etc.) RBL support is compiled |
| 27 |
in for a little more spam protection. All in all the integration is |
| 28 |
fantastic and works like a charm on huge scales. One other thing: pop3 |
| 29 |
and/or imap authentication can plug in to the qmail-ldap authentication |
| 30 |
modules seamlessly. No more trying to use Courier's ldap auth module or |
| 31 |
maintain a seperate user database, for example. Administration: find |
| 32 |
your favorite LDAP administration tool or use the qmail-ldap one out there. |
| 33 |
|
| 34 |
>>What about antispam and antivirus? Any suggestions/experiences? |
| 35 |
> |
| 36 |
> |
| 37 |
> very common configuration is spamassassin/clamav/qmail-scanner. I do |
| 38 |
> not recommend doing content filtering as messages are passing into the |
| 39 |
> queue, only virus scanning. |
| 40 |
|
| 41 |
I currently use this exact setup. qmail-scanner is a very clean |
| 42 |
filtering interface and qmail-ldap supports the QMAILQUEUE patch |
| 43 |
natively so you'd be set. I've got spamassassin configured just to tag a |
| 44 |
low-footprint header on spam detection - never rejecting or deleting |
| 45 |
mail. Clamav is a good active project and has been able to detect every |
| 46 |
new virus we've had a concern about. Technically, you could go with |
| 47 |
another alternate (shudder: commercial) AV vendor, but it's becoming |
| 48 |
less and less advantageous as time goes on. |
| 49 |
|
| 50 |
You may be able to offset the load imposed by content filtering by |
| 51 |
accepting all messages on a front end box to ensure delivery, and then |
| 52 |
filter on an smtp-route behind that. Your load should not put you past |
| 53 |
the point where you would start to drop messages due to filtering |
| 54 |
processing in this case. |
| 55 |
|
| 56 |
>>I have some experience using squirrel web mail. Any suggestions here? |
| 57 |
> |
| 58 |
> |
| 59 |
> squirrelmail and horde are both excellent. |
| 60 |
|
| 61 |
Agreed. Another option is omail-webmail which bypasses the IMAP |
| 62 |
connection to the server and does direct Maildir access: faster message |
| 63 |
access, less load on the server due to IMAP resources, but less |
| 64 |
features. It still provides a clean interface. I'm trying to get the |
| 65 |
omail-webmail developer to build a qmail-ldap auth module to accomplish |
| 66 |
the same thing as above. |
| 67 |
|
| 68 |
DS |
Archives