I've currently got this setup on my home firewall box. Granted, I have
far fewer than 60-100 users, but that's largely irrelevant as far as the
setup goes.
I'm running Debian(sid) on a 500MHz Alpha workstation, using
courier-imap for IMAP, exim for MTA, and spamassassin for anti-spam.
Authentication is done via pam, so every user has a working shell
account. There are also HOWTOs out there for setting up authentication
with different databases (mysql, postgresql, etc) or LDAP, but in my
case I went with the simplest approach. I have the luxury of personally
knowing everyone who has an account, which helps mitigate the security
issues somewhat.
The only thing I had to really configure was exim.
This delivers to ~/Maildir
local_delivery:
driver = appendfile
group = mail
mode = 0660
mode_fail_narrower = false
envelope_to_add = true
return_path_add = false
directory=${home}/Maildir
maildir_format = true
prefix = ""
And the following parts use spamassassin, the first goes in Transports
section, while the second goes in the Directors section.
# Spamassassin
spamcheck:
driver = pipe
command = /usr/sbin/exim -oMr spam-scanned -bS
transport_filter = /usr/bin/spamc
bsmtp = all
home_directory = "/tmp"
current_directory = "/tmp"
# must use a privledged user to set $received_protocol on the
way back in!
user = mail
group = mail
return_path_add = false
log_output = true
return_fail_output = true
prefix = ""
suffix = ""
# Spamassassin
spamcheck_director:
# do not use this director when verifying a local-part at
SMTP-time
no_verify
# When to scan a message:
# - it isn't already flagged as apam
# - it isn't already scanned
# - it didn't originate locally (as long as I don't harbor
spammers ;-))
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq
{$received_protocol}{spam-scanned}} {!eq {$received_pr
otocol}{local}} } {1}{0}}"
driver = smartuser
transport = spamcheck
Everything else was just apt-get install and go.
Sean
On Sat, 2003-02-01 at 08:08, Hans Wilmer wrote:
> Hi!
>
> Currently I'm trying to figure out what software to use best to set up
> an IMAP server for the company I'm working at. I'll be using Debian
> Woody for the server, and the following requirements and suppositions
> are given:
>
>
> + about 60--100 users
>
> + Mail must be saved on the server, not on the clients.
>
> + Users should be able to create folders and subfolders to store their
> mail.
>
> + Mailboxes are mostly accessed via a webmail client. The webserver
> may run either on the same server or on another maschine.
>
> + Exim should be used as MTA; amavis and spamassassin should be used.
> Mail filtering by .forward files and eventually maildrop should be
> possible; probably assisted/done by the admin (vacancy,
> redirections, maybe automatic sorting into folders).
>
> + Users may be real users on the server. --- Are there good reasons
> against this?
>
> + The server needs to be backed up daily. In case some user manages
> to accidentially delete his mail, I'll have to recover from the
> backup. This leads to:
>
> + Mail should be stored in maildir format (in users' home
> directories). The server will use ext3fs.
>
> + Each user should have about 1 GB to store his mails. This will
> probably be enforced by setting filesystem quotas. Are there
> better solutions to set maildir quotas? Users should be informed
> automatically in case they reach their quota limitation; the admin
> should get a note, too.
>
> + Some/most users will store quite a lot of mail (in the sense of the
> amount of data, not the number of mails). This should not
> impact performance too much. (leads to using maildir, again)
>
> + It would be nice to have POP3 working, too.
>
> + To make things easy, I'd like to stay with software from standard
> Debian packages, but that's not a must.
>
>
> As of yet, available software to build the server seems to be quite
> limited:
>
> Cyrus seems to be good for performance, but it is using its own format
> to store the mail. That would make it impossible to recover particular
> mailboxes from backups, and if something goes wrong, you're more or
> less left stranded because of the propriatry format that is used.
>
> Courier would do maildir, but it is an MTA in itselfe. It might be
> possible or even a good idea to only use the imap server of
> courier. But I don't know how nicely or if at all it suffices the
> above needs. What would you suggest here?
>
> As of yet, the capabilities of uw-imapd are unknown to me. Does it
> support maildir?
>
> There's also a mailutils-imap4d package. It is as unknown to me as
> uw-imapd. Does it support maildir?
>
> How do I improve secure operation and reliability? For example, while
> backing up the server, mail might be delivered or sent
> nonetheless. And even with daily backups, when having to recover from
> a backup, the intermediate traffic would be lost.
>
> Since the costs are a critical issue, the server will have IDE disks
> and probably no hardware RAID. Does IDE RAID work at all? Does it make
> sense to use lvm to mirror the data to a second disk (instead)? (I
> havn't used lvm yet, but I think mirroring is possible?)
>
> (On the long run, there should be a second server to accept mail from
> the outside world as a fallback in case the 'real' server is down. It
> should keep the incoming mail in its queue to deliver it to the real
> server when it comes back online.)
>
> Any suggestions are greatly appreciated. Thanks in advance!
>
>
> GH
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
