Subject: Re: FreeMail with NetBSD
To: Tobias Schuepp <tobias.schuepp@antwerpes.de>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-users
Date: 12/01/2001 21:46:40
On Sat, Dec 01, 2001 at 06:05:07PM +0100, Tobias Schuepp wrote:
> Hello,
> 
> I want to set up a FreeMail Service based on NetBSD. The requirements
> are:
> 
>         * up to 4000 Mailboxes
> 
>         * IMAP Support
> 
>         * Webinterface
> 
>         * (strong) crypto
> 
>         * virus filter software
>         
>         * fast and stable
> 
> Does anyone know what software to use and what server hardware to
> set up the system? Does anyone have any experience with it?

I don't have experience in such a large system, but I have a mail/web
server with > 200 mailboxes. It's a P200 with 64MB RAM.
Limitation here isn't the CPU but RAM and disks.
You shouldn't need much CPU power so a modern PC should be enough.
However you want a lot of RAM, and configure a large buffer cache (see
options(4) for details). You also need a good disk system: a good SCSI adapter
(I would use a symbios53c895 based adapter such as the Tekram 390U3 but
I may be a bit biased on this :) and several disks to spread the load.
Especially system, /var/mail and /var/spool/mqueue on separate
disks (or eventually /var/mail and /var/spool/mqueue on a raid0 system spread
across several disks). You need reliability and can afford it, get 2 SCSI
controllers, and 2x disk to put the whole system on raid1.

As software: you should have all that you need in pkgsrc. I use imap-uw
and both horde+imp and squirrelmail as webmail software, apache as web
server (with php module). imap-uw supports SSL, and with apache you have SSL
support too.

I don't use any virus filter software on my mail servers (I've this on
windows machines) but I've installed the procmail sanitizer (you need
to install procmail and make it your local mailer for this):
http://www.impsec.org/email-tools/procmail-security.html

It's not really a virus filter but a general email filter for weird things,
so it may not do exactly what you want: it blocks all attachments with weird
3 letter suffixes, or attachments with dual suffixes (.jpg.vbs for example),
and changes the filename for some other extensions (so the user has to
really do something to load it under windows). It also catches other
exploits of windows or Unix mailers, such as buffer overflows in some
headers, javascript in html, etc ... I've found it to be really efficient
against new viruses for which no definition exists for antivirus software.
But your users may not be happy with such an aggressive filtering :)

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
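
Added example (not part of the original message, and not the procmail sanitizer's own code): a sketch of the attachment-name policy the message describes, blocking dual suffixes such as .jpg.vbs and renaming other risky ones. The suffix lists and the ".defanged" renaming scheme are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed suffix lists for illustration; not the sanitizer's real lists.
BLOCK = {"vbs", "vbe", "scr", "pif", "shs"}          # refuse outright
MANGLE = {"exe", "bat", "com", "hta", "js"}          # deliver under a new name
DECOY = {"jpg", "gif", "txt", "doc", "pdf", "mp3"}   # harmless-looking suffix


def classify(filename):
    """Return (verdict, delivered_name) for one attachment filename."""
    # Windows ignores trailing dots and spaces, so "x.vbs. " still runs as .vbs.
    name = filename.strip().rstrip(". ")
    suffixes = name.lower().split(".")[1:]
    if not suffixes:
        return "pass", filename
    last = suffixes[-1]
    risky = last in BLOCK or last in MANGLE
    # Dual suffix such as .jpg.vbs: a decoy suffix in front of a risky one.
    if last in BLOCK or (risky and len(suffixes) > 1 and suffixes[-2] in DECOY):
        return "block", None
    if last in MANGLE:
        # Hypothetical renaming scheme: the user must rename the file to run it.
        return "mangle", name + ".defanged"
    return "pass", filename


def scan(raw):
    """Classify every named MIME part of a raw RFC 822 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): classify(p.get_filename())
            for p in msg.walk() if p.get_filename()}


def sample_message():
    """Constructed sample message with four attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for fn in ("holiday.jpg.vbs", "setup.exe", "notes.txt", "photo.jpg.exe"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn, (verdict, new) in scan(sample_message()).items():
        print(f"{fn!r:20} {verdict:7} {new or ''}")
```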