Within these pages I attempt to document what I am doing to set up a Linux email server that gets user information from a Windows NT server. The main reason for doing this was to get rid of Microsoft Exchange. Not because Exchange wasn't working, though I have encountered problems with it, but because we were not using all of its features and, being a small company, we really cannot afford it. This does not mean we will not be making the appropriate donations once we settle on the packages we will be using.
(These pages now cover older versions of software whose configuration options may have changed. However, I am leaving them up for reference. They do cover a setup I ran successfully for a year. I left the company after that, as it was purchased by another firm, to work for a much larger company running a Unix-based commercial package. I had no problems getting up to speed with it and found many similarities with what I had put together with open source software.)
If you are interested in building an email server without the NT part, just skip the Samba stuff and also see the links at the end of this page.
These pages are currently a work in progress as I try different packages and configurations.
Our requirements
1. No or very few extra steps when adding and removing users from the domain via NT.
2. Ability to back up and restore individual users' email boxes without costly additional backup 'plug-ins'.
3. Spam filtering. Preferably with RBL lookups, white lists, and individual user preferences.
4. A public mailbox readable by the 'Domain Users' group and writable by a PublicFolder group.
5. System-wide address book(s).
6. Access via the web for traveling folks.
7. Virus scanning of all email as it arrives.
8. An email client not as prone to vulnerabilities as Outlook is. (which is sort of a separate issue)
With Exchange 5.5 you can do everything except #2 (that I've found doing disaster recovery). Also, spam filtering requires expensive third-party add-ons or the solution I came up with using LRP and Exim.
What I came up with
- OS = Red Hat 8.0
Decided to use this mainly because I am the most familiar with it. No, I'm not switching to 9 and I haven't had time to play with Fedora yet.
- Samba
For communication with the NT server that we are keeping, for now.
- MTA = Exim 4.x
Went with Exim after I got a feel for it on the LRP firewall. Most folks seem to use Sendmail.
- IMAP = Courier's imap server
Another alternative is University of Washington's imap server (uw-imap).
This comes default with Red Hat, but I had to build my own to do something special.
- Web Server = Apache
I had long considered switching our IIS to Apache. It is a really nice web server.
- Web Mail = Squirrelmail
Another alternative is Horde IMP. I really like this package, but there are some things that irk me a little.
- Anti-Spam = Spamassassin
I like its configuration options. Exim can do RBL and white list as well.
- Anti-Virus = ClamAV
InoculateIT is our AV software, but we need to upgrade to get Linux support. For now, ClamAV is working fine.
- System-wide address books = openLDAP with PostgreSQL database as a backend
We needed to be able to use our contact information with MS Access and I wanted to eliminate keeping information up to date in two places. If we didn't need this I would only use LDAP. MySQL can also be used.
- Email client (aka MUA) = Thunderbird
I tried/wanted to use Pegasus. It would have worked, but it needed to be a fairly user friendly system (read switching Outlook users). I feel that its imap integration is still a little rough around the edges from a basic user standpoint, though I have heard that this part is soon to be rewritten. Thunderbird is working fine, so I doubt I'll switch once Pegasus is cleaned up.
Configuration Steps
In the following pages I have tried to outline what I have done. If a component did not meet my requirements but I had it working, I will leave the steps for others. Most of this you can do with RPMs, but in a few cases you need to build the packages. If you have never messed with Linux, it is not as hard as you might think. Because my test server, an old workstation, only has a total of 1.3gig in hard drive space, I have not installed X-Windows. Everything is done via the command line or through Webmin.
Note: The order listed below is not necessarily the order you have to install the packages. For instance I list LDAP last, but if you need Exim with LDAP support then of course you will need LDAP installed first. Also there may be components you do not need, such as webmail access which would knock out Apache, PHP, and Squirrelmail or Imp. And, too, there are other components that do the same things such as using sendmail instead of Exim.
- Install Linux
Download or buy the flavor of your choice. Red Hat is here.
The list of packages I installed on the test box for Red Hat 8.0 is here.
- Setup Samba and Winbind
This is only required if you want to get user information from an NT server. There are many other ways to store users that a mail server can make use of.
- Install and configure antivirus
(Originally this page had more than just ClamAV, but I think that is the only page that might be worth leaving up now.)
- Build and Setup Exim 4.x *New: Building RPMs*
For virus and/or spam detection:
Patch into Exim and Setup exiscan (read before building Exim)
or
Install and Setup MailScanner
- Build and Setup UW or Courier's IMAP *New: Building RPMs*
You can use the Red Hat RPM for UW if you do not want the ability to auto-create user directories on login via pam.
- Setup Apache and PHP4
Using Red Hat's RPMs for now.
Setup SSL Certificates on Apache
Some of my notes on setting up Apache (removed)
I'll go more into the configuration at some point. For now see the respective package's web site:
Apache
PHP
- Setup a system-wide address book
Setting up PostgreSQL & ODBC *New*
or
Setting up MySQL & ODBC
then
Setting up openLDAP with back-sql *New: Building RPMs, v2.1.x, PostgreSQL*
- Install and configure webmail
Install and configure Squirrelmail
This comes with Red Hat 8.0, but the RPM expects sendmail (use the --nodeps option). There are a few things in here that might help if you go with the RPM and it changes fairly quickly, so learning to install is not a bad idea.
or
Install and configure IMP
- Install and configure spam detection by keyword
to come shortly
At this point I am still exploring backup options. We currently have a single server version of BackupExec for NT, though an older one. The main debate is do we keep the tape backup and its software on the NT server or move it to the Linux server. If our email box works out for us over time we may consider dumping NT altogether. Samba 3.0, along with Webmin, may be the key for us to switch.
The main problem I have with this setup is if the NT server goes down then Exim cannot get user information and there is no way for the users to log in. I've found a way to defer messages being delivered if that happens, but I still think it would be better if I could replicate the SAM to this box. Maybe Samba x.x will have the ability to be a BDC to an NT PDC. Or maybe Samba-TNG is the way to go. I've tried these rather hastily and could not get them to work 100%, so I will have to come back to them later.
Some other pages of mine:
Related to the information here.
A few very basic Linux commands
Other software that I use (removed)
Other "Setting up Linux Email Server" type pages:
http://www.arda.homeunix.net/ Qmail, Courier, Squirrelmail, Spfilter, and TMDA
http://www.firstpr.com.au/web-mail/ Postfix, Courier IMAP, Maildrop, SqWebMail, Postman, nice links to other webmail packages
http://www.clarkconnect.org/ Sort of a pre-packaged commercial solution (free option available) that looks rather nice from what I've read on their site. Exim is the MTA, UW-IMAP for the MDA, etc. Listing it for folks that may not want to get their hands too dirty. (grin)
My test box specs:
(Please don't laugh so hard [grin])
- Brand: Compaq Prolinea 575
- Processor: Evergreen 400 overdrive (reports as a K6-II 360 MHz)
- Ram: 88meg
- Disks: IDE, hda = 1gig, hdc = 350 meg
- NIC: 3com 3c509 Etherlink III