
postfix + dspam + mysql + (imap & pop) for virtual domains and relaying



After years of dealing with sendmail, and hosting a small handful of
domains using aliases and real system accounts, I've convinced my
partner to get serious about this whole email 'thing'.  Before we commit
to one set of software in particular, I'd like to run my 'proposed
solution' by you guys, to see if this sounds workable. (By the way, I
apologize for the length, but my youngest just started throwing up so I
don't have time to make it shorter.)

We are looking to do both 'mx-based' filtering, and 'end-destination'
email hosting with spam and anti-virus built-in.  I don't know how
common mx-based filtering is (I'm guessing pretty common nowadays), but
the short explanation is: we're the secondary mx for other domains.
The primary mx doesn't accept smtp connections from anywhere but our
relay server.  All mail then gets routed through our server, scrubbed,
and passed on.  We'd like to use the same servers to also accept email
for hosted domains, and provide clients with pop and webmail access
(direct imap access may be something we offer down the road, but not now).

1) For various reasons (including the pretty, pretty graphs), we're
pretty much committed to dspam.  Everything else can be changed, but
using dspam for filtering is a go.  
 
2) I'm leaning towards postfix, just because it's 1) not sendmail and 2)
there's a ton of documentation around the 'net on it.  And after playing
with it for the last few hours, it doesn't seem very difficult to wrap
your brain around.  I've already added support for looking into a mysql 
table for usernames, among other things, and it was very straightforward.

3) clamav has been working for us for a while, and it works just great
as a dspam plugin, so that will probably stay.

4) I'm leaning towards cyrus as our pop3/imap (for webmail) server, as
it seems to support virtual domains out of the box.  I have no
objections to using anything else, either (I've had some experience with
dovecot and - a long time ago - uw-imap/ipopd).  

5) mysql as the database to hold the aliases, uids, usernames, and
passwords (of course?).  We're looking for this to scale, and nothing
says scalability and 'enterpriseness' like throwing stuff in a database.

6) Apache with mod_auth_mysql to view the quarantine for dspam.

My conception of how this works is as follows:  

1) Mail comes in for a domain that we relay for, postfix checks mysql 
for matching username@domain.com, checks another table to see if the
domain is 'active' (pays their bills),  accepts the mail, runs it through 
dspam, dspam gives it back (innocent) or drops it into the quarantine 
(spam and endgame), postfix then forwards it on to final destination 
mx server.  

2) Mail comes in for a hosted client, postfix checks mysql for matching
username@foobar.com, etc, accepts the mail, runs it through dspam, dspam
gives back the innocent mail, postfix hands it off to the cyrus lda.

Does that sound workable?  Would it be easier if I split out the two
functions, and had a 'destination' server that used our 'mx-relay' server
the same way as our clients?  Is there any way to have the password
encrypted in the database, that all the different clients (apache,
postfix via sasl, cyrus/whatever) can deal with?  Is dspam smart enough
to be postfix's lda, and know to forward on all relay domains, but hand
'local' domains off to cyrus?  Basically, what completely obvious,
boneheaded thing am I overlooking here, that will either make this
unworkable, or (better yet), simplify my life tremendously?

David Bishop
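
The two lookups described in the message above (recipient exists, domain is active) and the relay-versus-hosted hand-off, as an added example that is not part of the original post. SQLite stands in for MySQL, the filter verdict is passed in rather than obtained from dspam, and every table, column, address and next-hop value is constructed for illustration.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions.
SCHEMA = """
CREATE TABLE domains (name TEXT PRIMARY KEY, kind TEXT NOT NULL,
                      active INTEGER NOT NULL, next_hop TEXT);
CREATE TABLE users (address TEXT PRIMARY KEY,
                    domain TEXT NOT NULL REFERENCES domains(name));
INSERT INTO domains VALUES
  ('domain.com',     'relay',  1, 'mx.domain.com'),
  ('foobar.com',     'hosted', 1, NULL),
  ('lapsed.example', 'relay',  0, 'mx.lapsed.example');
INSERT INTO users VALUES
  ('alice@domain.com',     'domain.com'),
  ('bob@foobar.com',       'foobar.com'),
  ('carol@lapsed.example', 'lapsed.example');
"""

# One parameterized query covers both checks: the recipient must exist
# and its domain must be marked active.
LOOKUP = """
SELECT d.kind, d.next_hop FROM users u
JOIN domains d ON d.name = u.domain
WHERE u.address = ? AND d.active = 1
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def route(db, rcpt, verdict):
    """Return (action, next_hop) for one recipient and one filter verdict."""
    row = db.execute(LOOKUP, (rcpt.strip().lower(),)).fetchone()
    if row is None:
        # Unknown user or inactive domain: refuse before accepting the
        # message, so no bounce is generated later.
        return ("reject", None)
    if verdict != "innocent":
        return ("quarantine", None)
    kind, next_hop = row
    if kind == "relay":
        return ("relay", next_hop)      # forward to the customer's own MX
    return ("deliver-local", None)      # hand to the local delivery agent

if __name__ == "__main__":
    db = open_db()
    for rcpt in ("alice@domain.com", "bob@foobar.com", "carol@lapsed.example"):
        print(rcpt, route(db, rcpt, "innocent"))
```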


