New Mail Server

So, for the past few months, I’ve been prepping a new mail server for the station. The one that we had been using was really becoming taxed. It was a retired salesperson’s machine, running Debian Woody. When it had fifty pop accounts with no filtering it was fine. Double the number of accounts, add in spamassassin, and make about 30% of those users imap users, and you’ve got a machine that is smokin’.
Last year, we built this dual xeon machine to act as a server for some new billing software. We were kind of a testbed for this software, and, well, it sucked. So, they went back to the old stuff, and I had this free big baller machine. For a time, it served as a streaming audio host. Then it served as a fileserver for a time.
I decided to make it into the new mail server. At 757 Tech, I’d set up a virtual hosting mail server using qmail, vpopmail, etc. It works pretty well, and it’s got some nice features as far as web administration. Best of all, you don’t need an account on the machine for each address. Stlll, it was a pain in the ass to set up, and it’s difficult to maintain. I’d also done the conversion of users.757.org from sendmail to postfix.
I had pretty much decided that I wanted to use either qmail or postfix for the new machine, as they’re more secure than a gigantic setuid binary. Qmail, of course, has the djb-induced weirdness that comes along with qmail, but it doesn’t bother me that much. It is, however, a bitch to setup, especially if you want it to do more than just deliver mail.
I fiddled around with qmail and some of the virus/spam tools that ride atop it….qscanq, qmailscanner, etc. Never could get it working the way I’d like, and they eat an extraordinary amount of resources. Postfix was a bit easier to setup. Again, just setting it up to do unix mail is easy. Combining it with SpamAssassin, and ClamAV, well, that’s a different story. It seems that most people use either MailScanner or Amavis. I tried both, and was thoroughly unimpressed.
In the meantime, I’d setup exim4 on freebsd for my home machine. Bascially all the MTA on that machine does is deliver mail locally, and forward outbound mail to Cox’s smtp server. But I was impressed with how simple it was to set up from ports, and so I started looking more closely at it. Lo and behold, there’s this exiscan patch that does virus and spam scanning from within Exim without a nasty perl script. Better yet, it doesn’t use the helper programs (clamdscan and spamc), rather, it interfaces with the daemons directly.
So, I settled on doing that. It rocks! Had some trouble doing the conversion, mainly with accounts that had been set up on the old machine between the time I duplicated the accounts, and the time I did the switchover. I wrote a script to call mb2md for each user to convert the old mail spools to maildir.
Only glitch I ran into really was a problem unrelated to the MTA. For some reason, the box gets caught in the D state with quotas enabled on the home directory. I disabled the quotas, and everything is working fine. I’ve got like 140GB for the users homes, so I don’t anticipate a problem anytime soon. The tarball moving the mail from the old machine was 2GB.
Still ironing out the minor glitches, but it seems to be sending and receivng mail as it should, blocking worms, etc. etc.