
Re: webmail options for sarge with php5



Hi Joseph,

In the past we have run our organisation's email on a virtual server of lesser specification than yours (less RAM) and it all worked very well.

We used Postfix with MySQL virtual users and maildir format mailboxes. This worked well. I cannot recommend Postfix highly enough.

We used Courier-POP3 and Courier-IMAP (+SSL) and were very pleased with both. Courier supports Maildir including the maildir++ quota extensions.

We used SquirrelMail for webmail on top of PHP4. I like SquirrelMail because it's simple and just works.

Your most powerful weapons for fighting spam are DNS and SMTP checks applied through Postfix, including carefully selected RBLs.

You can block 90% or more of SPAM at SMTP level, which is particularly important for you because content filters like SpamAssassin are very CPU and memory intensive. You want to block as much as you can at SMTP level, before it reaches your content filter.

We used Amavisd-new as a content filter, with SpamAssassin and ClamAV. Both worked well out of the box, although SpamAssassin can be extended.

On a virtual server you won't be able to pass huge amounts of messages through your content filter, but 256MB of RAM should be sufficient to handle a low volume of mail.

All of the above was using official Debian Sarge packages. No back-ports and nothing compiled from source.

SquirrelMail is an IMAP client like any other (although web-based) and so all authentication is handled by the IMAP server.

If you use only webmail then you don't need SMTP-AUTH (SASL) because Postfix will allow localhost to relay mail. But SMTP-AUTH is essential if you want to allow remote users to relay mail out.

PS) Now you have your own box, don't forget to do backups!

HTH, Andrew


Joseph Neal wrote:
So, I assured everyone in my little organization that moving from shared hosting to a VPS was in fact a good idea, that they could still have their free web mail and that it was not in fact paying more money for fewer features. Now they want their webmail. It now occurs to me that I don't know a damn thing about email.

I'm using sarge with the dotdeb php5 packages so I get dependency errors regardless of what I try to install, but I know they lie. I've got postfix configured and working fine for an MTA. I am intrigued by courier and would not mind going with an all courier setup, including their webmail thing if that would be saner than mixing packages.

I'm planning on some downtime to upgrade to etch and migrate to mysql5 between Christmas and the new year should etch actually make it out on time. That would be a good time to change MTAs as well. For the record I think changing from "debian releases when it's ready" was a bad idea. Anyway.

I'm on a VZ based VPS with 256 ram, though I removed all the control panel crap they loaded it up with by default. Memory overhead is a concern. I need to provide email for 30 people, with that number expected to expand to no more than 50 before we're able to increase resources.

Questions:

Am I better off trying to shoehorn in packages from etch or packages from sarge to work with the dotdeb php5? I'd prefer horde, but I'm not up to maintaining it with packages from upstream so others will work.

Can anyone vouch for these?

http://debian.jones.dk/hykrion/pool-sarge-all/horde3/

Is there an advantage to upgrading to the postfix package in backports? Since the webmail client is the only thing that's going to need to be making POP or IMAP connections, how many corners am I going to be able to cut security-wise? Does the webmail client usually handle authentication or is webmail authentication usually done the same as when it is accessed remotely? I'm hoping to avoid setting up TLS or SASL if I can help it. Would I be better off leaving php out of the picture and just offering remote access and no webmail?
Given my memory limit, what's the best spam solution?

I'm tempted to make them all learn to use mutt. (No, I'm not getting paid for this.)

thanks
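
The SMTP-level checks and the localhost relay rule described in Andrew's reply, sketched as a Postfix main.cf fragment. This is an added example, not configuration from the thread; the restriction names are standard Postfix ones in their Postfix 2.1 (Sarge) spelling, and rbl.example.org is a placeholder for whichever blocklists you select.

```cfg
# /etc/postfix/main.cf fragment (constructed example, not from the thread).

# Only the local host may relay without authenticating, which is all a
# webmail client running on the same box needs.
mynetworks = 127.0.0.0/8

# Needed only if remote users must relay mail out through this server.
# Leave it off for a webmail-only setup; permit_sasl_authenticated below
# then simply never matches.
#smtpd_sasl_auth_enable = yes

# Cheap protocol checks: require HELO/EHLO and do not confirm addresses.
smtpd_helo_required = yes
disable_vrfy_command = yes

# Evaluated left to right for every RCPT TO; the first match decides.
#  1. permit_mynetworks / permit_sasl_authenticated: trusted senders skip
#     the spam checks below.
#  2. reject_unauth_destination: never act as an open relay. Keep this
#     ahead of the DNS and RBL lookups so relay attempts cost nothing.
#  3. Syntax and DNS checks on the HELO name and envelope addresses.
#     (Postfix 2.3 and later name the two HELO checks
#     reject_invalid_helo_hostname and reject_non_fqdn_helo_hostname.)
#  4. reject_rbl_client last, since it needs a DNS query per connection.
#     rbl.example.org is a placeholder, not a real blocklist.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unauth_pipelining,
    reject_rbl_client rbl.example.org
```

Mail rejected here never reaches Amavisd-new, SpamAssassin or ClamAV, which is what keeps the content filter's memory and CPU use within a 256MB VPS.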




