A year and a half ago I built a Linux/qmail server to replace an aging
Windows NT 3.51/Microsoft Mail system. This system has been working
flawlessly since its inception. However, after a while management wanted
to
have a web site, so I installed Apache. Then they wanted Internet access
for
their employees so I installed Squid. I was even forced to install Samba
when the original mail storage server died on us. Needless to say, I am
now
looking into separating a couple of things.
Qmail will be the first preverbial victim. The now a year and a half old
'ye
standard qmail build' will have to replaced by something more enhanced.
Among things, it should:
(1) check if a FQDN exists for the sender's IP (if not: no go);
(2) allow POP3 access via SSL only;
(3) extract any mail attachment and check it for various things;
(viruses, unallowed extensions, etc.)
(4) support delivery to same users at different domains;
(5) allow only a more rigid form of authentication;
(e.g. POP-before-SMTP)
For (2) I guess any standard SSL wrapper will do and virtualdomains should
take care of (4) after some trial and error. I have no idea about (1) and
(5) though. Regarding (3) I've seen qmail-scanner mentioned several times.
I've downloaded the Life with Qmail page and will be devouring it shortly.
Are there any patches that I should really consider? Any other things or
specifics that I might be missing? Pitfalls I should really look out for?
--
Johan Van Gompel
--
Sent through GMX FreeMail - http://www.gmx.net
