On Fri, Jun 09, 2006 at 07:07:19AM -0400, Pancho Cole wrote:
> I have been building and testing some postfix mail server
> configurations recently, and I am looking for advice.
> I currently have postfix authenticating against the password file,
> but I think I want to use SQL (PostgreSQL) or LDAP, though I have
> limited SQL experience and only some LDAP admin experience.

Any particular reason? I've found a properly scripted password file
works quite acceptably, and less complexity means less problems down
the road. Then again, I'm not a big fan of SQL for pretty much
anything. I've never used LDAP for anything 'real', but I've heard
that the only really useful Open Source implementation is OpenLDAP,
and that OpenLDAP is *very* slow.

> I will be using SMTP authentication, TLS for those that want it,

Are you using SASL authentication, or TLS certificates? The latter is
superior, if you can get it to work. Either way, recent Postfix
versions should handle this well, though ISTR the whole client
certificate issue being less than elegant.

> I would like to enable quotas to limit the folks who don't delete
> messages,

Wietse believes this cannot be adequately solved in the mailer, and is
likely to be right. Some third-party patches exist, though. This might
have been solved since I last looked, but some kind of charge for
large mailboxes might be the way to go.

> and I think I should be using maildir mailboxes.

That's a very good idea.

> Of course I will install POP and IMAP

Look at dovecot, it's simple, fast and secure.

> I also need to install a webmail service on the box.

I use Hastymail; it doesn't support everything, and is written in PHP,
but otherwise doesn't suck as badly as most other offerings I've seen.
(Of course, mutt sucks less, but somehow most people don't seem
comfortable with being granted shell access to some *NIX box and told
to use mutt for mail...)

> This box will host no more than ~200 virtual domains, and some of my
> customers get a LOT of spam as their addresses were harvested and
> sold years ago, so I guess I will try the spamd first, but I may
> need to get a barracuda gateway filter to lessen the load on the box

SpamAssassin can do quite a bit; especially when combined with
appropriate extra software (Vipul's Razor, DCC, and possibly dspam,
for instance). Also, some sort of greylisting scheme might help.

Be aware that there are very real downsides to greylisting - most
notably, mail server admins would need *much* more spool space if
everyone used it. However, this is on the other side. On your side,
people seem to expect e-mail to be a near-instant, reliable bulk data
transfer service. While it *is* reliable in the sense that it usually
tells you when it fails to deliver a message (though that only helps
for people sufficiently clueful to actually read it), it's neither
instant nor good at transferring bulk data. Good luck getting anyone
to recognize that, though.

> I am looking for hints and suggestions - thanks.

Hope the above helps...

Joachim