June 30, 2004

Setting up a mail server

I’m gearing up to set up a mail server for a client. I’m planning Postfix and Cyrus IMAP at the heart of it. PostgreSQL will probably end being used to store user information and maybe (hopefully) aliases. Web-cyradm will probably be the customer’s interface to maintaining users.

What follows are a bunch of links with little context.

Newer versions of Cyrus have virtual domain support. Check out messages from April 2004 on the Web-cyradm mailing list for a supposed patch to make Web-cyradm work with virtdomains. There is a Postfix-Cyrus-Web-cyradm-HOWTO.

I’m going to need to port user names and passwords from vpopmail to Cyrus. I’m thinking that by storing authentication information in PostgreSQL, this should be easy as long as I can figure out the encryption method used by vpopmail and the Cyrus SASL library support whatever that method is. Kind of looks like MD5.

On another note, the Cyrus SASL library does support talking directly to MySQL/PostgreSQL in its latest version(s), but FC2′s cyrus-sasl RPMs don’t include this support. (The way it’s been done in the past is apparently having SASL talk to PAM which will talk to (usually) MySQL.) The spec file specifically passes --disable-sql to configure. Look for me to build some RPMs with PostgreSQL support enabled.

Postfix has two kinds of content filtering: the more common after-queue content filtering and before-queue content filtering. Before-queue content filtering gives you the ability to reject messages in conversation. Postfix is kind of nice about it and talks SMTP to another server to do content filtering. I think I could use this in conjunction with amavisd-new to call out to SpamAssassin and ClamAV. There is some doubt that before-queue filtering is a good idea because you will end up running out of child SMTP servers and rejecting mail, or possibly timing out remote SMTP servers if your checks take too long. Talking to Nightwolf made me feel a little better about this though. I don’t think my mail server is going to have enough e-mail coming in to it for me to worry about it. Maybe. I guess I’ll have to watch for that somehow. Snort to monitor connection attempts or something?

Finally, if you want to implement something like milter-sender in Postfix, Postfix already has this ability build in. Check out http://www.postfix.org/ADDRESS_VERIFICATION_README.html. Theory has it that using this might tie up a lot of SMTP server children, but will also block a lot of spam.

I’m a little concerned over whether I’ll be able to do recipient address verification with the presence of aliases. If only Cyrus knows about aliases, and doesn’t keep in them in PostgreSQL, I don’t know how I’ll get Postfix to know about them. I guess I’ll cross that bridge when I come to it.

Comments are closed.