“There are a couple of Linux howtos floating on the Internet that deal with this very subject. As a matter of fact, those guides are what inspired me to write this one. In the spirit of keeping it simple, let me recommend the Mandrake or as it’s currently known Mandriva Linux distro. This guide has been written with this distro in mind.”
Isn't there one for CentOS/RHEL/Fedora/Debian/Suse/Solaris/Slack, which are more well known for their server distributions?
There's a pretty straightforward howto for Debian at http://www.piratefish.org. I had it up and running in about half an hour.
Edited 2006-06-29 12:18
Ideally the http://www.piratefish.org is nice, however it does cover user aliases, for example:
I have mydomain.com
which my SMTP/gateway/smarthost receives all mail for. Once filtered etc…
it then has a user list knowing which user belongs to which subdomain, i.e
london.mydomain.com
usa.mydomain.com
and forwards the email to the relevant Exchange server. The problem is managing the user addresses in two separate locations.
While I have no particular beef with Postfix (it works well enough for me on many machines, and I much prefer it to sendmail…kudos to NetBSD for switching to Postfix exclusively in the default install), I wonder about the wisdom of running two layers of perl in order just to scan for spam and worms (exactly what you’re doing when you run spamassassin and amavisd). If you have any kind of user-base on that exchange server, you’re going to need a pretty hefty machine to do this (and run the bloatware that is mandribble these days).
A much more elegant and efficient solution is just using Exim4. Exim4 can speak directly to spamd and clamd without using the front-end programs, and scans the incoming smtp stream, *not* a message that’s already been accepted on the machine.
I had a setup like this for a while, scanning several thousand messages a day… almost zero load on some crap machine running NetBSD 2 (something like a Celeron 366 with 64M).
Perhaps I’ll get around to finishing the HOWTO on it here soon.
Perhaps I’ll get around to finishing the HOWTO on it here soon.
Please do!
Regarding Postfix and Exim’s security, I was intrigued by this Slashdot post:
http://bsd.slashdot.org/comments.pl?sid=187071&cid=15435040
Sure. But nobody ever claimed that Exim was the be-all-end-all of MTAs — but it is, IMO, the easiest to set up to protect Windows machines. You can do many of the same things with qmail (and I have), but it’s a lot harder to do than with Exim. Doing *anything* with qmail these days is almost painful, as the code is now really ancient. I’m wondering if you can find a modern Linux/BSD where qmail-1.03 compiles and runs out-of-the-box. You can do some of the same things with sendmail, too, but that involves lots of experience with milter, and dealing with nasty m4 scripts. Postfix doesn’t support a lot of these features, and you’re pretty much forced to deal with something like amavis.
If security was the only concern, everyone would run OpenBSD.
Also, use policyd – it runs before Postfix, and GREATLY reduces the load that Postfix/Spamassassin/Clamav/etc will need because policyd takes care of the greylisting, plus plenty of other cool things to cut WAY DOWN on spam and junk email:
“Policyd is an anti-spam plugin for Postfix (written in C) that does Greylisting, Sender-(envelope, SASL or host / ip)-based throttling (on messages and/or volume per defined time unit), Recipient rate limiting, Spamtrap monitoring / blacklisting, HELO auto blacklisting and HELO randomization prevention.”
http://policyd.sourceforge.net/
A great project, I can’t imagine the resources saved by using this, love it.