E-Mail Server Setup Advice?
dhammala asks: "I am responsible for setting up and maintaining a mail server for a small web-hosting type business. We currently host about 75 domains, around 100 mailboxes and due to the efforts of our sales team, we are wanting to get ready for some great increases in those numbers. I am worried about my current configuration and ease of administration. More importantly (well, at least to the customers) is email deliverability -- it seems that messages delivered to some big players are being marked as SPAM or disappearing altogether. I am asking the Slashdot community for its insight and advice on 1) if my current choice of software/configuration is a good match for this situation and 2) if there are any additional measures I might take to ensure email deliverability?"
"Here is an overview of our current setup:
- We lease servers at ev1servers.net.
- The servers are running RHEL ES3.
- We chose to use Postfix and have it configured to support virtual users and domains mapped in MySQL tables. The reference I used to configure this setup is located here. We initially chose Postfix over qmail because it was open and over sendmail because the config files are actually readable.
- I have added in SQLGrey grey-listing for Postfix to provide a simple level of SPAM detection for our users. We are not wanting to deal with the customer service and higher box loads of mail scanning at this time. We might choose to use a 3rd party vendor to do this as needed.
- Messages are delivered locally via maildrop in maildir format.
- Courier IMAP is running to support both IMAP and POP access to the mailboxes.
- Postfix Admin was set up for easy mailbox administration.
- I have verified that our reverse IP records are correct
- I have created SPF records for all of the domains
- I have verified that our server is not listed in any blacklists (great scanner at dnsstuff.com)
- I have started to install DomainKeys for Postfix
I have not yet been able to get DomainKeys to work with Postfix. It was during my configuration attempts that I started to question this setup and wondered if this was the best setup for our situation. This inquiry has led to this posting.
In a perfect world, I would have an email server that:
- is easy to administer,
- supports automated mailbox setup/removal (currently I can just insert rows into my tables and the mailbox setup is done)
- supports current technologies, like grey-listing, DomainKeys, etc
- is secure
- makes the best use of system resources -- I want to get the 'best bang for the buck'
Are there any other technologies or configurations that I need to implement to support the best deliverability rates?"
Full out of box solution. (Score:3, Informative)
If your company can't afford it, that sucks, but I'd rather use that than try and get courier, postfix, pop3d and squirrelmail or whatever to all work together.
http://www.sun.com/software/products/messaging_sr
Re:Full out of box solution. (Score:2, Informative)
IT FUCKING SUCKS. You have about 1/10th the features and it runs significantly slower (I cannot verify the hardware is the same but the previous systems were IRIX on
Re:Full out of box solution. (Score:1)
I don't know who modded you as a Troll, but they should have their mod rights revoked, or get paid by Sun.
I have also been on the user side of Sun's Messaging service. I can't express how frustrated I am with it. Calendaring is a joke. The web interface is behind what most OSS products were years ago. Whatever you do, don't rely on the "JES Connector" to get your Outlook client to interface with the calendar. Half my entries are missing through outlook, but show up fine in the thin client. Speaking o
I recommend ... (Score:1)
http://www.clamav.net/ (Score:3, Informative)
http://www.clamav.net/ [clamav.net]
Re:one word (Score:3, Insightful)
Re:Blame (Score:3, Funny)
Re:Thank you for your public service (Score:1)
It's really Men's A Babe.
Don't fall for those TV/TG tricks!
Re:Dear Slashdot (Score:1)
Re:Dear Slashdot (Score:1, Offtopic)
Get over yourself, it is at best a flawed IQ test.
Kisses
Sera
P.S. The guy is obviously in over his head and was looking for help, glad to know "Mensa" would toss a drowning man an anchor.
Re:Dear Slashdot (Score:2)
But take heart, one of these days an invitation only Slashdot will emerge and it will cure many of the issues plagued by th
Re:Dear Slashdot (Score:2)
Why Postfix/courier? (Score:3, Informative)
I am using courier as the mta, and courier as the pop, and courier as the imap.
The courier makes a fine MTA, but you do have to tweak a few of its settings to make it more wide open to allow it to connect to misconfigured exchange servers.
Other than that it has been great. I have an email account management system that I wrote that lets each domain have admin users that can add and delete accounts as they please.
I have SpamAssassin set up for some users (most of them post their email addresses in plain text on their websites) and even with that load, there is still plenty more capability in this little server.
Now, if you want a system that scales to tens of thousands of users, you are going to need to get something a little bigger than this, you are going to need to get a mail system that can distribute the messages over a number of servers. That is something I have not researched.
Re:Why Postfix/courier? (Score:3, Informative)
It might be called Hula: http://www.hula-project.org/ [hula-project.org]
Re:Why Postfix/courier? (Score:3, Insightful)
This is the solution we will be migrating to this year (Postfix, Cyrus, SquirrelMail) for ~1600 accounts in 1 domain, with another setup for next year using ~15,000 accounts across 15 domains. User accounts are stored in an OpenLDAP directory.
Re:Why Postfix/courier? (Score:2)
Re:Why Postfix/courier? (Score:2)
Re:Why Postfix/courier? (Score:2)
Re:Why Postfix/courier? (Score:2)
Oh, they have. Zillions of ways actually. There's no standard to make an e-mail client tell the server that the user is on vacation, so you end up with webmail-powered kludges, one or more for every webmail/MTA combination there is. You should be able to find one for whichever webmail program you're using - but you're almost guaranteed that another webmailer got the "good" vacation kludge and you got stuck with one of the bad ones.
Cyrus (Score:2)
I can't recommend it from experience, but I would trust the advice of this particular individual.
For smaller userbase, I'd have to say that courier was pretty painless to configure and reliable as well.
Courier IMAP (Score:3, Informative)
I would switch to dovecot [dovecot.org]. I found the performance to be quite a bit better than Courier, and it seemed more stable as well.
Seconded (Score:2)
Switch to Dovecot. Also, if you haven't already, switch to Maildir for your storage format. The mbox format is a disaster when dealing with IMAP clients like Apple's Mail, which opens multiple folders at once, thereby locking them all and blocking mail delivery.
Re:Seconded (Score:1)
Dovecot rocks... (Score:2)
If only it did shared mailboxes, it'd be perfect.
Re:Courier IMAP (Score:1)
Hard work. (Score:5, Insightful)
While I think that your deployment is a reasonably sane one - as far as going the OSS/free route is concerned - I agree with the other poster here who said that having nobody to blame will be an issue in the future. When your job is on the line, it's good to have someone else who is supposed to know and fix everything for you when you are hard-up for solutions. Email administrators for the largest and biggest corporations in the world don't do it all in-house. Even they contract out for support for their enterprise level products. Because their customers and bosses expect great reliability and performance and features and they don't want to wait for several days (or longer) while you read some half-assed documentation on a website, chat up some gurus in IRC and post to some web forums and usenet groups hoping for help.
Also, there is nobody certifying that the products you are using will absolutely work together. And on whatever platform you're using. They may say they've tried it on it - but I doubt in many cases they will say it's been certified through a thorough internal QA process that weeds out a lot of bugs and such.
Also, when you really must have something fixed, you will either have to write the code yourself (laborious to do, without even talking about testing and implementing). If you have a commercial product and a contract, you can present a business case to get your issue some priority and have a fix. And you can always threaten to drop the product if they don't do what you want (it works more often than you'd think).
Even when full-fledged, thorough, all-encompassing high-capacity commercial servers - the position of email admin is a full time job for at least one or more people. Using a dozen different open source products and maintaining everything and keeping a constant sandbox environment to work in (you don't want to introduce upgrades or patches or changes on production, of course!) will consume all of your available time. If you are the full-time email admin here and that is your only responsibility - have at it. But if you have other responsibilities... I think the commercial path might be better for you.
Again - I'm an OSS advocate. Yet, I feel strongly that there are some cases in which commercial software and support is valuable. Depending on the specifics of your duties and position, this may or may not apply to you. But consider it. Especially if you're going to be fairly huge some day.
Another solution would be to contract with a third party. There are companies that do nothing but provide you with email solutions. They can do this based on very strong commercial products. These companies themselves will host and run the hardware for you. They will do all of the configuration and deployment and maintenance and administration for you. I'm not familiar with their prices, though - but do look into it. The upgrades and crashes and migrations are their responsibility. Meeting QOS is their responsibility. They will deal with the commercial mailserver vendor(s) for you. They already have support contracts with them. All you do is tell them how big of a deployment you want and you're set.
After working with commercial mailservers for several years, I was ready to set up a deployment of my own for my own personal project. Not having any funds, I decided I was going to go the OSS route. Just figuring out what would work together and what wouldn't (you have to make sure your POP, IMAP and webmail servers all use the same mailbox formats. You have a gazillion options for accounting from LDAP to MySQL, countless authentication mechanisms, etc). It drove me nuts. It was at that point that I started to see the light and the real value in what I did with commercial products. Having an entire server that supports everything you could possibly need or want in an email solution through one install and one configur
Re:Hard work. (Score:2)
I'm really confused here. You sound like a smart guy but this last decision makes you sound like a duffer, or you have been using Out of the Box for way too long.
Re:Hard work. (Score:1)
Since there are only a handful of users, POP is just fine. Or in my case, just ssh-ing in and firing up mutt on the server.
If I were offering an email service to people, I'd spend more time on one of the five zillion webmail "solutions" out there or with IMAP. Of course, that'd still
Re:Hard work. (Score:2)
Re:Hard work. (Score:1)
I run a Celeron300A(OC to 450Mhz) with 192Mb of memory and regular IDE disk. We have about 150 e-mail accounts, all of them get filtered thru SpamAssassin and ClamAV, and the load is about 0.25!
Debian Postfix-Amavis setup.
Oh, that machine also handles some 10 or so low-traffic webpages, has UW-IMAP + squirrelmail + IMP.
How in the hell can you get 1.8Ghz machine on his knees with 100 mail accounts?
Re:Hard work. (Score:2)
Re:Hard work. (Score:1)
Load is usually specified as of output
Cat
Re:Hard work. (Score:1)
Well, let's look at what software he's talking about.
Postfix.
SQLGrey: A policy server for postfix (In fact, it won't work with anything else. 'Policy servers' are a postfix invention, designed to provide half of the functions of a
Re:Hard work. (Score:1)
Re:Hard work. (Score:1)
But it's not as complicated as it could be, if sane choices are made.
That means absolutely no sendmail. That means Maildirs, so you don't need any file locking at all. That means users stored in one place, be it SQL or LDAP, and not a brittle text file under any circumstances.
A lot of that is choices, and many people don't know how to make good ones, but this guy does. In fact, he's managed to choose exactly what I chose, three years ago, at least for the b
Re:Hard work. (Score:1)
Speaking as an email admin for an $80bn
Outsource It (Score:3, Informative)
CommuniGate - Not free but.... (Score:2, Informative)
Works with squirrelmail, and a bunch of other cool features. Plus the name of the company is kind of cool.
http://www.stalker.com/content/solutions.htm [stalker.com]
to the original poster, my personal opinion (Score:2, Interesting)
"If the building the server lives in falls into the center of the earth, but my boss wants the mail back up (not necessarily with their data, just live again), would I be able to put Postfix, SQLGrey, LDAP auth and Courier back together in less than 4 hours except for user accounts?"
If you are sufficiently detailed enough to pull that off within 4 hours except for user accounts, you probably have the bits you need to wing all the rest of the bells and whistles
Suggestions (Score:3, Informative)
They use Qmail which is open source. Who told you it was not?
Qmail is highly scalable and I think www.qmailtoaster.com and a few other sites provide great setups that allow you to set quotas and such.
Large game sites use qmail.
Hell, hotmail.com uses qmail to send emails. Not sure about the rest of it.
Inter7 can get you set up properly and provide maintenance if you have problems but otherwise their setups are self manageable.
Re:Suggestions (Score:1)
I switched from qmail to postfix, not because qmail was defective in any way, but rather because postfix is maintained. S
Re:Suggestions (Score:2)
Yeah, I run it -- consider me a satisfied customer/fanboy.
Re:Suggestions (Score:2)
To create mail directories on fly. (Score:2, Informative)
Then, assuming you know how to write PHP code, throw away the php. It's not that good. It can't handle fields being added to the database. But writing php for database manipulation is trivial, so I'll assume that's what you're already doing.
Anyway, what you need from 'vmail' is the 'maintain' perl script. It's fairly easy to understand. Basically, you want a 'new' table in your database with new email addresses, a 'deleted' one for deleted addresses, and a 'moved' one for moved emails. So in
dbmail (Score:2)
Re:dbmail (Score:2)
Re:dbmail (Score:1)
HELO, VRFY, and stuff (Score:2)
If you do something that's going to drastically alter your server's behavior, do 'inet_interfaces=localhost' to test, then restore to 'all' when you're sure it's working.
Personally... (Score:5, Informative)
Exim4 SMTP
Dovecot IMAP and POP3
Bogofilter
Spamassassin (SA-Exim)
Clam-AV
It's a rocking system, I'm currently having about 18000 messages a day tossed at me of which about ~17000 are spam. My personal accounts were getting about 2500 spam/day until I enabled all the anti-spam software and virus removal. I now get about 1-2 Spam a day and I've not had a single false positive.
For a small mid range setup I would probably use exim4. It's simple, has great features, and it's nice to have spamassassin at smtp time instead of having to process the entire message.
I don't recommend standard RBLs, however, the URI RBLs are *extremely* effective and an order of magnitude more sane in what they block (eg: if the message contains a link to viagraforyou.com it blocks the message, rather than blocking random dsl servers and
There's a nice tutorial and informational link about using all the good features of sendmail and several additional ideas and theories on what is effective and what isn't at http://acme.com/mail_filtering/ [acme.com]. The guy gets *insane* quantities of mail (mostly spam) and tells how he deals with it.
Synopsis: Large site- Sendmail, Medium/Small Site- Exim4.
A lot of people like qmail and postfix over sendmail and exim, but I just don't care for them having used them. Although if forced to choose between postfix and qmail it would be qmail.
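Added example, not part of the comment above or of any project named in it: a sketch of the difference that comment draws between a standard (IP-based) RBL lookup and a URI RBL lookup. The zone names `dnsbl.example` and `uribl.example`, the function names and the sample messages are constructed for illustration, and DNS is replaced by an in-memory resolver so the code runs offline.

```python
import ipaddress
import re

# Hypothetical zone names for illustration; substitute the lists you actually use.
IP_ZONE = "dnsbl.example"
URI_ZONE = "uribl.example"
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def ip_query(client_ip, zone=IP_ZONE):
    """Standard RBL: reverse the connecting IPv4 address's octets under the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def registered_domain(host):
    """Naive reduction to the last two labels (assumption: no public-suffix
    list, so names under suffixes such as co.uk are reduced too far)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def uri_queries(body, zone=URI_ZONE):
    """URI RBL: one query per distinct domain linked in the message body."""
    domains = []
    for host in URL_HOST.findall(body):
        try:
            ipaddress.ip_address(host)   # bare-IP links need a different lookup
            continue
        except ValueError:
            pass
        dom = registered_domain(host)
        if dom not in domains:
            domains.append(dom)
    return [(dom, dom + "." + zone) for dom in domains]

def is_listed(qname, resolve):
    """A name is listed when it resolves to an address in 127.0.0.0/8."""
    answer = resolve(qname)              # resolver returns an IP string or None
    return answer is not None and ipaddress.ip_address(answer).is_loopback

def check_message(client_ip, body, resolve):
    """Return (sender_ip_listed, [linked domains that are listed])."""
    ip_hit = is_listed(ip_query(client_ip), resolve)
    uri_hits = [d for d, q in uri_queries(body) if is_listed(q, resolve)]
    return ip_hit, uri_hits

# Constructed sample data: a fake resolver standing in for DNS.
FAKE_DNS = {
    "viagraforyou.com.uribl.example": "127.0.0.2",   # domain named in the comment
    "7.113.0.203.dnsbl.example": "127.0.0.10",       # constructed listed address
}
SAMPLE_BODY = "Cheap pills at http://www.viagraforyou.com/buy and http://VIAGRAFORYOU.com/x"
LEGIT_BODY = "Minutes attached, agenda at https://intranet.example.org/agenda"

def fake_resolve(qname):
    return FAKE_DNS.get(qname)
```

With the constructed data, the URI check flags the spam body whatever address it arrives from, while the IP check flags an ordinary message only because of the address that sent it.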
Re:Personally... (Score:2)
BTW, those graphs are pretty small compared to our numbers.
Trust Tiers (Score:2)
BlarsBL (Score:1)
Re:BlarsBL (Score:2)
QmailToaster (Score:2, Informative)
Postfix + Cyrus + SQLGrey +DSPAM + Mysql (Score:3, Informative)
For that reason I chose Cyrus as the actual local mail system. It supports IMAP / POP3 can be scaled pretty easily. And despite reports that it is hard to configure, I have found that it really is not too bad if you keep things simple.
Currently I host about 3000 domains, and roughly 5000 email accounts, though most are nothing more than SPAM traps.
If you do go this route, the key is a reliable and robust MYSQL server(s).
The main advantage of MYSQL based virtual accounts is web-based management is trivial. ADD / UPDATE / DELETE can be done simply by updating a record.
The drawbacks I have found are: a database/DB Server is an additional point of failure. Replication has been a bit tricky at times. Do not run DSPAM in the same database as your user / hosting accounts.
-MS2k
Another place to ask advice (Score:3, Informative)