On Sun, 13 Sep 2009 22:58:57 +0200 jean-francois <[email protected]> wrote:
> Hello, > > I am currently setting up a mail server comprising of the following > services : > > - mail (send/receive) > - accounts (base of some many clients) > - webmail > > I would like to use as much security as possible. > > After some searches on google, I am not completely sure about the > choices I should take. > > Regarding the choices of OpenBSD, is it so that there is a recommanded > way to do or shall I install whatever does the job ? > > Thanks for your experience and hints. > > BR > JF Take whatever software your are most comfortable with configuring to your needs. smtpd: OpenBSD comes with 'sendmail' as default smtpd. So if you can roll with that, you get something from base with all the advantages that come with that. (SASL support still needs a recompile of sendmail.) 'opensmtpd' is in base, also. It looks very promising. But gilles "if you use it in production..." statement still stands. (Not yet.) Lots of poeple like 'postfix'. If you can't stand sendmail, give it a try. pop/imap: If you only need pop3, 'pop3d' is in base. You can give it pop3s support with 'stunnel' from ports. Wan't more than pop3, like imap support, i'd advise to try 'dovecot'. This also gives you more choices from where to pull user/authentication info. webmail: This is imho the hardest choice to make. In the end in comes down to how secure your webserver setup is. If you need something that looks good to the enduser i'd tend to say 'roundcube'. user/account management: a setup with system/local user's is the easiest to get right. to ease the management some simple script help it a lot. other choices are userinfo in ladp or sql, directly eg. through dovecot's auth deamon. if one wants to take the database out of the "downtime equation" there is always the possibily to sync to textfiles or use a combination of both. postfix + dovecot + roundcube = easy setup and happy customers. You can look at howto's, but don't religiously stick to them. If you want a secure setup, understanding what every relevant config option does is paramount. (The default configs installed by the packages only need little edditing to get up basic functionallity.) Cheers - Robert
