new email server

[brendan]

Gary Stainburn wrote:

>Hi folks
>
>I'm looking at replacing my aging RH7.3+Exim 3 + Sophos + home-grown 
>scripts with a FC3+Exim 4+ Sophos + whatever.
>
>I'm looking at virus and SPAM filtering.  Can anyone suggest good 
>configs and options.
>
>Gary
>  
>
Gary;
Let me preface all this by saying that I have no experience setting up 
an enterprise email system on a Linux platform for production, although 
I have done installed and configured many others (Exchange, Notes and 
GroupWise) in and for production use in small-medium-large and very 
large environments. 
I set out on a project a couple months ago to find a comperable Linux or 
BSD email platform to what I would expect from a brand new Microsoft 
email system.  So, I have also done a lot of tinkering lately with BSD, 
and Mandrake and FC3 Linux platforms testing MTAs (Courier and Sendmail 
so far).  While I find that the Courier package is a more complete all 
around system, Sendmail was actually more straight forward and easier to 
configure using pieces of Courier and Cyrus (and others) to fill other 
requirements.  I prefer BSD for jsut about any production utility 
service, like email, because it's possible to build a precise 
installation with hardly any overhead.  Troubleshooting anything in BSD 
is a nightmare of cryptic error messages and long nights searching for 
documentation, more experience with BSD would probably have lead to a 
better impression.  I found Sendmail and FC3 to be the most straight 
forward to install from what I compiled on the machine or using the 
rpm(s).  Although neither FC3 nor Sendmail are perfect, FC3 and Sendmail 
would be my first choice if I wanted to build a system and move it to 
production quickly.

The 'add-ons' can quickly become like chosing toppings for a plate of 
nachos at 7-11.  You start out wanting email and antivirus but end up 
with webmail, various authentication packages, administrative tools and 
end-user goodies piled on top.  I would warn you to be careful when you 
done testing and not put a machine in production that's had a package 
tested and removed because MTAs become extremely complex and it's 
difficult (sometimes impossible) to remove even the smallest package 
cleanly, but you probably know and wouldn't do that anyway.  Sendmail 
with Courier-IMAP because I like the way Courier-IMAP folders resemble 
Exchange IMAP folders and ClamAV.  I have tested Squirrel Mail also and 
find that I prefer that ANY webmail package to be installed on a 
seperate web server (that includes Exchange and Outlook Web Access).

Since I started using reverse MX lookups I have eliminated almost all 
the spam from my systems, have have not felt the need to add 
spamassassin yet, but probably will in the next week.  Using something 
like Cyrus saslauth in conjunction with reverse MX and spamassassin 
would be a great way to support road warriors and keep keep most spam 
off of your system.  If you have an Active Directory or other LDAP 
structure to authenticate to, I have had success with Courier's 
authentication package and I recommend encrypting it all using SSL.  
Using SSL gives you the option to securely authenticate across untrusted 
networks with plain text or encrypted passwords.  Not that I recommend 
plain text authentication, but it is simple and easiest to configure and 
removes a layer from troubleshooting.  I also found that I needed to 
compile SSL from the source because the rpm was missing something I 
needed (but I do not recall what that was).  I don't have any travelers 
to support so I use putty and mutt or port-forwarding if I absolutely  
have to have a graphical client.

I have not tested any other AV package but ClamAV.  I find it straight 
forward, easy to work with and reliable, so I could not, and probably 
would not, recommend any other.

I hope something from here is usefull, now I"m  consdering Exim and Sophos!