6

I am looking at various FOSS options to build a robust EMail solution for a government funded university. Commercial options are to be chosen only in the worst case scenario. Here are the requirements:

  • Approx 1000-1500 users - Postfix or Exim? (Sendmail is out;-))
  • Mailing lists for different groups/Need web based archive - Mailman? Sympa?
  • Centralised identity store - OpenLDAP? Fedora 389DS?
  • Secure IMAP only - no POP3 required - Courier? Dovecot? Cyrus??
  • Anti Spam - SpamAssassin? what else?
  • Calendaring - ??
  • webmail - good to have, not mandatory - needs to be very secure...so squirrelmail is out;-)?

Other questions:

  • What mailbox storage format to use? where to store? database/file system?
  • Simple and effective HA options? Is there a web proxy equivalent to squid in the mail server world? Software load balancers? CARP?
  • Monitoring and alert?
  • Backup?

The govt wants to stimulate the local economy by buying hardware locally from whitebox vendors. Also local consultants and university students will do the integration. We looked at out-of-the-box integrated solutions like Axigen, Zimbra and GMail but each was ruled out in favour of a DIY approach in the hopes of full control over the data and avoiding vendor lock-in - which I thought was a smart thing to do. I wish more provincial governments in the developing world would think of these sorts of initiatives.

As for OS - Debian, FreeBSD would be first preference. Commercial OS's need not apply. CentOS as second tier option...

James
  • Well, couple of questions as these things can't be thought of blind: 1) What is your current central account management system? 2) What OS are most of your users going to be using as their primary OS? 3) Does the client need to be integrated or is running multiple clients ok? 4) What is your primary server OS? 5) Can faculty and staff use a different system than students? – Zypher Apr 06 '10 at 19:21
  • 2
    The problem with rolling your own to avoid vendor lock-in is that it's difficult to avoid ending up being locked in to specific IT people. If one of them gets run over by a cement mixer, it's just like having vendor go belly up. :-( – Brian Knoblauch Apr 06 '10 at 19:37
  • They use a third party host for now - but service has been crappy and the number of accounts is expected to grow. Client OS's are Windows and Linux. All students and faculty should use the same system –  Apr 06 '10 at 19:55
  • As far as Webmail goes, check out http://www.horde.org/imp/. That used to be my preferred but I've not run it in a little while. – Warner Apr 07 '10 at 03:02

2 Answers

4

You're best off sticking to "standards" as much as possible; in my eyes that means:

  • MTA: Postfix
  • IMAP: Dovecot
  • Auth/routing/etc: OpenLDAP
  • Mailing lists: Mailman
  • Spam/virus: amavis + clamav + $commercial_scanner + SpamAssassin
  • Webmail: Squirrelmail is probably your best option. You could try Roundcube.
  • Calendaring: just use Zimbra if you want calendaring.
  • Mailbox storage: Some flavour of maildir, on the filesystem. Don't use a database. Metadata is fine to live in a database but messages belong on the filesystem.
  • Proxying/routing inbound requests: nginx or perdition
  • HA: that's more complex. DRBD + heartbeat between a pair of servers for the backend mailbox storage.

Don't use unmaintained/out of date software, and don't install this kind of stuff from source - use your distro's packages. Your future sysadmins will thank you.

Using obscure software just makes it that much harder for the next person to maintain the system. Brian is spot on with his comment above.

Interested to know why Zimbra was discounted? It is open source after all. I've migrated a couple of "roll your own" installs onto Zimbra and it's much nicer than doing the integration yourself. Zimbra is worth it for the web interface alone.

James
  • 1
    FWIW if you *ever* insist on building from source, script the build so that the process is simply "untar tarballs" "update build script w/ new version tags" "run build script" "done, tada!" – Jason Apr 07 '10 at 11:10
0

There are probably many other solutions out there, but the one I know of and have fiddled with in the past is Matt Simerson's qmail toaster (runs on FreeBSD): http://mail-toaster.org/intro.shtml. I'm not certain it is current though, but something you might find useful at least.

Good luck,

--jed

Jed Daniels
  • 1
    QMAIL toaster isn't limited to BSD. It's a good "out of box" solution but if building your own is an option it's preferred, IMHO. QMAIL is my preferred MTA. – Warner Apr 06 '10 at 19:51
  • Thanks @Warner. Yes, I know QMAIL itself isn't limited to FreeBSD, but I was specifically recommending Matt Simerson's toaster instructions which include a significant number of add-ons that address the things the original poster wanted. QMAIL isn't perfect, btw, for example I believe it still will open up a new connection for each recipient even if they are on the same domain (thus producing many more connections than necessary). – Jed Daniels Apr 06 '10 at 21:17
  • 1
    Just FYI, there is a patch for that old problem of Qmail's with the multiple connections per domain... – Scott Lundberg Apr 06 '10 at 21:22
  • @scott-lundberg Awesome. Thanks for sharing. – Jed Daniels Apr 06 '10 at 21:44
  • QMAIL toaster isn't limited to FreeBSD. I used to run it on CentOS. – Warner Apr 07 '10 at 03:00