also sprach Hans Wilmer <lee@yun.yagibdah.de> [2003.02.01.1408 +0100]: > Currently I'm trying to figure out what software to use best to set up > an IMAP server for the company I'm working at. I'll be using Debian > Woody for the server, and the following requirements and suppositions > are given: courier-imap fulfills all those requirements. > + about 60--100 users easy. > + Mail must be saved on the server, not on the clients. IMAP standard. > + Users should be able to create folders and subfolders to store their > mail. most every IMAP server i know can handle this. surely courier > + Mailboxes are mostly accessed via a webmail client. The webserver > may run either on the same server or on another maschine. so? > + Exim should be used as MTA; amavis and spamassassin should be used. > Mail filtering by .forward files and eventually maildrop should be > possible; probably assisted/done by the admin (vacancy, > redirections, maybe automatic sorting into folders). that's totally irrelevant when looking for an IMAP server. all this is possible. > + Users may be real users on the server. --- Are there good reasons > against this? security? a user is *much* more dangerous to any system than a remote hacker. > + The server needs to be backed up daily. In case some user manages > to accidentially delete his mail, I'll have to recover from the > backup. This leads to: > > + Mail should be stored in maildir format (in users' home > directories). The server will use ext3fs. be careful on putting the spool directory on a journalled filesystem. for reference: http://www.stahl.bau.tu-bs.de/~hildeb/postfix/ext3.shtml > + Each user should have about 1 GB to store his mails. This will > probably be enforced by setting filesystem quotas. Are there > better solutions to set maildir quotas? Users should be informed > automatically in case they reach their quota limitation; the admin > should get a note, too. linux standard quotatool does that. > + Some/most users will store quite a lot of mail (in the sense of the > amount of data, not the number of mails). This should not > impact performance too much. (leads to using maildir, again) courier is rather performant if the underlying system works too. > + It would be nice to have POP3 working, too. courier-pop. both, pop and imap, also come with ssl versions. > + To make things easy, I'd like to stay with software from standard > Debian packages, but that's not a must. courier-imap courier-imap-ssl courier-pop courier-pop-ssl > Courier would do maildir, but it is an MTA in itselfe. only if you install courier-mta. i don't have that, i use postfix. > It might be possible or even a good idea to only use the imap server > of courier. But I don't know how nicely or if at all it suffices the > above needs. What would you suggest here? 100% yes. > As of yet, the capabilities of uw-imapd are unknown to me. Does it > support maildir? i don't think so. it's also a uw-* product and thus by reputation not as secure. > How do I improve secure operation and reliability? For example, while > backing up the server, mail might be delivered or sent > nonetheless. And even with daily backups, when having to recover from > a backup, the intermediate traffic would be lost. so disable the delivery directory while backing up. i don't think this is something you should worry about. if your MTA does proper locking, it's all well. > Since the costs are a critical issue, the server will have IDE disks > and probably no hardware RAID. Does IDE RAID work at all? Does it > make sense to use lvm to mirror the data to a second disk (instead)? > (I havn't used lvm yet, but I think mirroring is possible?) it makes sense to set up a RAID 1 or 5 software raid for performance reasons. oh, and make sure to use 7200 RPM disks at least. > (On the long run, there should be a second server to accept mail from > the outside world as a fallback in case the 'real' server is down. It > should keep the incoming mail in its queue to deliver it to the real > server when it comes back online.) that is kind of a necessity. -- Please do not CC me when replying to lists that I read! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system NOTE: The pgp.net keyservers and their mirrors are broken! Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
Attachment:
pgpjh5bolOQva.pgp
Description: PGP signature