This page was last modified: July 28 2006 16:03:26   

Mail setup considerations

My first priority was to get my website up and running, since this is where I document everything. After that I turned my attention to the mail part of my server, so I entered the exciting world of MTA, SMTP, IMAP, POP and all their happy little friends.

Setting up a mail server can be very simple or extremely complicated. It all depends on your needs.

Choosing MTA

First of all I had to make a choice of which MTA (Mail Transfer Agent) I wanted to use. The MTA - also called a mail server - is a program that transfers mail between computers. The MTA works behind the scenes, while the user usually interacts with another program, the mail user agent (MUA).

There are a lot of MTAs to choose from. FreeBSD comes with Sendmail, the standard MTA under most variants of the Unix operating system. But I heard that Sendmail is complicated and therefore not recommended to newbies, and there are several others to choose from (Exim, Postfix, Qmail and so on).

As a newbie it is almost impossible to make a sensible choice. My advice to you is: ask your friends or consult homepages and newsgroups via Google. Use words like "MTA", "MTS" and "review" in your search. When you have an idea of which MTA you want, check for howtos and tutorials that will help you get started. If you find little or nothing, you might have to reconsider.

But most likely the MTA is only one of the building blocks in your mail system. When you have the basics up and running, you'll soon want to add spam control, antivirus, webmail and so on...

Virtual users vs. local users

A local user is a user with a real account on the server, i.e. an entry in the system password database. These users are created with adduser.

A virtual user does not exist on the server as a system account. These users often reside in a database (or a flat file) that only the mail software reads.

If your mail users don't need direct access to the server, for example via ssh, there's no need to clutter the system with home directories. Local accounts are also always a security risk: every mail password is then also a system login, and a leaked or guessed password gives someone a shell on the machine rather than just a mailbox. Only server administrators should have local accounts.

Virtual users are a bit more difficult to set up initially, but since they have no shell and no login on the server, a compromised mail password is contained to that user's mail. You still have to keep the mail services themselves patched, but you don't have to worry about the users as system accounts.

There are a lot of other advantages to using virtual users (one mail domain per customer, per-user quotas kept in the database, no uid/gid per mailbox) that I'm sure you'll discover along the way.

Email storage - mbox vs. maildir

mbox concatenates all messages into a single file, each message introduced by a "From " separator line. Only one process can have the mbox file open for writing at a time, so everyone else has to wait for an update to complete (file locking). If the locking goes wrong, for example over NFS, a delivery in the middle of a read can corrupt the whole mailbox.

maildir stores each message in a file of its own, in the subdirectories tmp/, new/ and cur/. Delivery writes the message to tmp/ and then renames it into new/; because the rename is atomic, a reader never sees a half-written message, and no locking is required. Multiple processes can use a maildir at the same time.

Both have advantages and disadvantages, but as I understand it the maildir format is the safest and fastest. If you want to read more about this topic, do a Google search for "mbox vs maildir".
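To make the difference concrete, here is a small maildir deliverer and an mbox writer. This is an added example written for this page, not code from the original or from any of the programs mentioned; it uses only the Python standard library, and the two sample messages and the hostname placeholder are constructed. The maildir part does the tmp/ to new/ rename described above and the reader's move into cur/ with the ":2,S" (seen) flag; the mbox part shows the "From " quoting that an mbox writer has to do because a body line starting with "From " would otherwise be read as a message boundary.

```python
"""Maildir delivery and mbox quoting.

Added example for this page (not code from the original). Standard library
only. SAMPLE_MESSAGES is constructed input; the second one deliberately has a
body line beginning with "From " to exercise the mbox quoting rule.
"""
import io
import os
import socket
import tempfile
import time

SAMPLE_MESSAGES = [  # constructed sample input
    b"From: alice@example.org\r\nSubject: one\r\n\r\nhello\r\n",
    b"From: bob@example.org\r\nSubject: two\r\n\r\nFrom here on, body text\r\nbye\r\n",
]

_counter = 0


def _unique_name():
    """Maildir unique filename: time.pid+counter.host (must not contain ':' or '/')."""
    global _counter
    _counter += 1
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    return f"{int(time.time())}.P{os.getpid()}Q{_counter}.{host}"


def maildir_create(path):
    """Create the three maildir subdirectories."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(path, sub), exist_ok=True)
    return path


def maildir_deliver(path, message):
    """Deliver one message: write it completely into tmp/, then rename into new/.

    rename() is atomic on a POSIX filesystem, so a reader scanning new/ sees
    either a complete message or nothing. That is why no lock is needed.
    """
    name = _unique_name()
    tmp_path = os.path.join(path, "tmp", name)
    new_path = os.path.join(path, "new", name)
    with open(tmp_path, "wb") as f:
        f.write(message)
        f.flush()
        os.fsync(f.fileno())          # make sure the data is on disk before it becomes visible
    os.rename(tmp_path, new_path)
    return name


def maildir_list(path):
    """Names of unread messages (those still in new/)."""
    return sorted(os.listdir(os.path.join(path, "new")))


def maildir_mark_seen(path, name):
    """A reader moves a message into cur/ and appends the flag suffix ':2,S'."""
    src = os.path.join(path, "new", name)
    dst = os.path.join(path, "cur", name + ":2,S")
    os.rename(src, dst)
    return dst


def mbox_append(fp, envelope_from, message):
    """Append one message in mbox format (mboxrd-style quoting).

    Each message starts with a 'From <sender> <date>' separator line. Any
    message line that starts with 'From ' (or '>From ', '>>From ', ...) is
    prefixed with '>' so a reader does not split the mailbox there. A real
    MTA also takes an exclusive lock on the file around this append.
    """
    fp.write(b"From " + envelope_from + b" " + time.asctime().encode() + b"\n")
    for line in message.replace(b"\r\n", b"\n").splitlines():
        if line.lstrip(b">").startswith(b"From "):
            line = b">" + line
        fp.write(line + b"\n")
    fp.write(b"\n")


def demo():
    """Deliver the samples both ways in a temporary directory; return facts to check."""
    with tempfile.TemporaryDirectory() as d:
        md = maildir_create(os.path.join(d, "Maildir"))
        names = [maildir_deliver(md, m) for m in SAMPLE_MESSAGES]
        unread = maildir_list(md)
        tmp_left = os.listdir(os.path.join(md, "tmp"))
        seen = maildir_mark_seen(md, names[0])
        after = maildir_list(md)
    buf = io.BytesIO()
    for m in SAMPLE_MESSAGES:
        mbox_append(buf, b"mailer-daemon@example.org", m)
    data = buf.getvalue()
    return {
        "delivered": len(unread),
        "tmp_left": len(tmp_left),
        "unread_after_seen": len(after),
        "seen_path_has_flag": seen.endswith(":2,S"),
        "mbox_separators": sum(1 for l in data.split(b"\n") if l.startswith(b"From ")),
        "mbox_quoted_body": b"\n>From here on" in data,
    }


if __name__ == "__main__":
    print(demo())
```

Note that Postfix and Courier agree on exactly this layout, which is why Postfix delivers into a maildir whenever the mailbox path ends in a slash and Courier can then serve it over IMAP without any shared lock between the two.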

A third but not widely used method, is to store mail in a database. But this will not be discussed here.

SMTP authentication and TLS

In the "old" days, users only authenticated themselves when receiving mail via POP3/IMAP. As a result, POP3 and IMAP have built-in support for authentication, but SMTP originally had none: a server accepted mail from anyone, for anyone. A server that still does that today is an open relay, and spammers will find it within days. To prevent relaying through your mail server you have to make sure that everyone who sends mail to a non-local domain through it is a legitimate user, so the server accepts mail for its own domains from anyone, and mail for other domains only from your own network or from authenticated users. To use authentication via SMTP you need SASL (Simple Authentication and Security Layer).

But when users log in with the common PLAIN and LOGIN mechanisms, the username and password are transported to the server in clear text (base64-encoded, which is encoding, not encryption; anyone can decode it). Someone "listening" to the communication could grab the credentials and use the account, typically to send spam through your server as an authenticated user. This means that the communication between client and server should be encrypted before the password is sent. For that purpose you can use TLS (Transport Layer Security): the client issues STARTTLS, and the server should only offer AUTH once the connection is encrypted. Note that TLS protects the hop between your users and your server; mail leaving your server for another MTA is a separate connection with its own (often absent) encryption.
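The following is an added example, not code from the original page or from Postfix: a miniature simulation of the server side of an SMTP submission dialogue, with no network involved. It shows the three policy points from the text: AUTH PLAIN is a base64 wrapper that anyone with a packet capture can unwrap; therefore AUTH is only advertised and accepted after STARTTLS; and relaying to a domain the server is not responsible for is refused unless the client has authenticated. The hostnames, the user table and the two client transcripts are constructed. In Postfix the same policy is expressed with smtpd_tls_auth_only = yes and a smtpd_recipient_restrictions list that ends in reject_unauth_destination after permit_mynetworks and permit_sasl_authenticated.

```python
"""Miniature SMTP submission policy (added example, not from the original page).

No sockets: SmtpPolicy.handle() takes one client command line and returns the
server reply, so a whole session can be replayed from a list of strings.
LOCAL_DOMAINS, USERS and the transcripts are constructed for the example.
"""
import base64

LOCAL_DOMAINS = {"example.org"}      # domains this server accepts mail for
USERS = {"alice": "s3cret"}          # constructed credential store


def encode_auth_plain(user, password):
    """Client side of AUTH PLAIN: base64(authzid NUL authcid NUL password)."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()


def decode_auth_plain(blob):
    """Server side, and also what an eavesdropper does: one base64 decode."""
    _authz, authc, password = base64.b64decode(blob).split(b"\0")
    return authc.decode(), password.decode()


class SmtpPolicy:
    def __init__(self):
        self.tls = False       # set once STARTTLS has been negotiated
        self.user = None       # set once AUTH succeeded
        self.sender = None

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            caps = ["250-mail.example.org"]
            if self.tls:
                caps.append("250-AUTH PLAIN")   # only advertised over TLS
            else:
                caps.append("250-STARTTLS")
            caps.append("250 OK")
            return "\r\n".join(caps)
        if verb == "STARTTLS":
            self.tls = True    # a real server performs the TLS handshake here
            return "220 Ready to start TLS"
        if verb == "AUTH":
            if not self.tls:
                return "530 Must issue a STARTTLS command first"
            mech, _, blob = arg.partition(" ")
            if mech.upper() != "PLAIN":
                return "504 Unrecognized authentication type"
            user, password = decode_auth_plain(blob)
            if USERS.get(user) == password:
                self.user = user
                return "235 Authentication successful"
            return "535 Authentication failed"
        if verb == "MAIL":
            self.sender = arg
            return "250 OK"
        if verb == "RCPT":
            domain = arg.rsplit("@", 1)[-1].rstrip(">")
            if domain in LOCAL_DOMAINS or self.user:
                return "250 OK"
            return "554 Relay access denied"   # unauthenticated and not our domain
        return "500 Command not recognized"


def run_session(commands):
    """Replay a client transcript through the policy; return the replies."""
    policy = SmtpPolicy()
    return [policy.handle(c) for c in commands]


SPAMMER = [  # constructed: tries to relay without authenticating
    "EHLO zombie.example.net",
    "MAIL FROM:<x@example.net>",
    "RCPT TO:<victim@example.com>",
]

LEGIT = [  # constructed: AUTH too early, then STARTTLS, AUTH, relay
    "EHLO laptop.example.org",
    "AUTH PLAIN " + encode_auth_plain("alice", "s3cret"),
    "STARTTLS",
    "EHLO laptop.example.org",
    "AUTH PLAIN " + encode_auth_plain("alice", "s3cret"),
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<friend@example.com>",
]

if __name__ == "__main__":
    for cmd, reply in zip(LEGIT, run_session(LEGIT)):
        print("C:", cmd)
        print("S:", reply)
    print("captured password:", decode_auth_plain(LEGIT[1].split()[-1]))
```

The second transcript sends the AUTH command once before STARTTLS and gets refused; only after the connection is "encrypted" does the EHLO reply list AUTH and the login succeed. The last line of the main block is the attacker's view: the base64 blob from the first, unencrypted attempt decodes straight back to the password.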

My final setup

I finally decided to go with this setup:

MTA: Postfix using maildir, virtual users and support for MySQL, TLS and SASL2
Database: MySQL, for storing virtual user accounts and user settings
SASL: Cyrus SASL Library, which provides applications with an implementation of the Simple Authentication and Security Layer (RFC2222)
IMAP/POP3: Courier IMAP server, which provides IMAP and POP3 both with and without SSL, for accessing mail via webmail/MUA. With webmail, HTTPS can be used to prevent passwords from being transported in plain text. With mail clients the same can be accomplished by using TLS (SSL) for both incoming and outgoing mail.
Webmail: Squirrelmail, an interface for accessing mail via the web, written in PHP
Spam control: the one and only Spamassassin

I have a step-by-step tutorial which shows you how to implement this: Tutorial