[Dclug] Mail server recommendations

Tim tim-lug at sentinelchicken.org
Fri Nov 16 14:30:26 EST 2007 

> In the end though, Qmail will need some things such as Courier-IMAP, 
> SquirrelMail/Imp+Horde, Webmin (anyone suggesting Plesk will be shoot by my 
> staff and I personally!), Amavisd, ClamAV, and SpamAssassin (probably some 
> more without looking at how we use to do this setup "back in the day") with 
> a DB back end (MySQL was my choice then) to handle the virtual domain 
> hosting and other requirements requested by Ben originally.  Same with 
> using SendMail or Postfix in place of Qmail. After some hair pulling, 
> R&D'ing, and reviewing various postings on the subject matter...I give Ben 
> a day or so to get it going configuration wise on a non-Gentoo box.  Gentoo 
> wise, add in an extra day or so for compile time (yes, I am also a Gentoo 
> sadist ;-)).

Sure, it definitely needs some third party software for most
installations.  Keep in mind though, much of the software you listed is
not strictly necessary.  I personally am not a fan of SpamAssassin, and
ClamAV has had lots of vulnerabilities lately, so you need to pick your
poison.  What's worse, a few viruses making it to your users, or a
remote execution hole in your mail server[1]?  Many people would not
consider anti-virus as an essential part of a mail server.  Others
would.  I personally despise webmin and the very idea of needing a
freaking GUI to configure a mail server, especially when qmail is so
easy to set up (assuming you can RTFM). Others would feel something like
this is essential.  Courier-imap is not essential either, I believe
there are alternatives now for IMAP with qmail.  I don't run it though,
so I'm not sure.  Oh, and why do you need a DB backend?


> For "quick(er) and simple(r)" I am going to suggest Zimbra and Scalix 
> instead.  Zimbra uses Postfix and Scalix uses Sendmail IIRC.  And to be 
> honest, Scalix use to be HP's old OpenMail system I am told too...so there 
> is some history for folks.

Open source is about flexibility.  If you're just looking to replace
something that costs $$ with something that doesn't, then you'll likely
find the time invested to set up most open source solutions costs you
more in the short term and may not be worth it.  However, if you put the
time into understanding the system you're implementing, you'll have many
other long-term gains in stability, flexibility, and security.

Now Crawford, I don't doubt that you've done your research, since it
seems your business depends on it.  But assuming one wants to implement
an open source solution on their own, I'd think they'll be best off
looking for those long term gains.  This may not be what the original
poster was looking for, but I think it's important to understand what
the risk/rewards are for going an open source route.

My $0.02,
tim


1. Note these problems with AV are not exclusively with ClamAV, and no
   AV will stop all viruses at your border.  In fact they're really
   terrible at detecting new viruses.  Be sure to weight the security
   benefits against the negatives.

More information about the Dclug mailing list