On Fri, Jun 09, 2006 at 07:07:19AM -0400, Pancho Cole wrote:
> I have been building and testing some postfix mail server 
> configurations recently, and I am looking for advice.
> I currently have postfix authenticating against the password file, 
> but I think I want to use SQL (PostgreSQL) or LDAP, though I have 
> limited SQL experience and only some LDAP admin experience.

Any particular reason? I've found a properly scripted password file
works quite acceptably, and less complexity means fewer problems down the
road.

Then again, I'm not a big fan of SQL for pretty much anything.

I've never used LDAP for anything 'real', but I've heard that the only
really useful Open Source implementation is OpenLDAP, and that OpenLDAP
is *very* slow.

> I will be using SMTP authentication, TLS for those that want it,

Are you using SASL authentication, or TLS certificates? The latter is
superior, if you can get it to work.

Either way, recent Postfix versions should handle this well, though ISTR
the whole client certificate issue being less than elegant.

> I 
> would like to enable quotas to limit the folks who don't delete 
> messages,

Wietse believes this cannot be adequately solved in the mailer, and is
likely to be right. Some third-party patches exist, though.

This might have been solved since I last looked, but some kind of charge
for large mailboxes might be the way to go.

> and I think I should be using maildir mailboxes.

That's a very good idea.

> Of course 
> I will install POP and IMAP

Look at dovecot, it's simple, fast and secure.

> I also need to install a webmail service on the box.

I use Hastymail; it doesn't support everything, and is written in PHP,
but otherwise doesn't suck as badly as most other offerings I've seen.
(Of course, mutt sucks less, but somehow most people don't seem
comfortable with being granted shell access to some *NIX box and told to
use mutt for mail...)

> This box will host no more than ~200 virtual domains, and some of my 
> customers get a LOT of spam as their addresses were harvested and 
> sold years ago, so I guess I will try the spamd first, but I may 
> need to get a barracuda gateway filter to lessen the load on the box

SpamAssassin can do quite a bit; especially when combined with
appropriate extra software (Vipul's Razor, DCC, and possibly dspam, for
instance).

Also, some sort of greylisting scheme might help. Be aware that there
are very real downsides to greylisting - most notably, mail server
admins would need *much* more spool space if everyone used it.

However, this is on the other side. On your side, people seem to expect
e-mail to be a near-instant, reliable bulk data transfer service. While
it *is* reliable in the sense that it usually tells you when it fails to
deliver a message (though that only helps for people sufficiently
clueful to actually read it), it's neither instant nor good at
transferring bulk data. Good luck getting anyone to recognize that,
though.

> I am looking for hints and suggestions - thanks.

Hope the above helps...

                Joachim
