Re: Building an IMAP server

To: <debian-user@lists.debian.org>
Subject: Re: Building an IMAP server
From: "nate" <debian-user@aphroland.org>
Date: Wed, 5 Feb 2003 17:34:16 -0800 (PST)
Message-id: <[🔎] 41953.10.10.10.7.1044495256.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 20030205144303.GL860@yun.yagibdah.de>
References: <[🔎] 20030201130818.GB26043@yun.yagibdah.de> <[🔎] 1044297385.18819.58.camel@cbgb.rudedog.org> <[🔎] 20030204173841.GC30144@yun.yagibdah.de> <[🔎] 53921.10.10.10.7.1044394658.squirrel@webmail.linuxpowered.net> <[🔎] 20030205144303.GL860@yun.yagibdah.de>

Hans Wilmer said:

> What's the better way to go when building a new server? Should I start
> with 2.x or stay at 1.5?

If it were me, I would use 1.5. See my other posts with the maintainer
of the cyrus 2 packages for debian for why. It really depends on your
requirements. cyrus 1.5 is VERY VERY old and does not have near the
feature set that cyrus 2 has(e.g. sieve filtering for server-side
filtering). But the flip side, is it is "tried and true".

> But how do users authenticate when they're not local users? I'm
> currently stuck with LDAP; seems I can't get it to work, and I didn't find
> helpful documentation yet. And SASL is another thing unknown to me.

I personally think sasl is a pain in the ass from my brief exposure
of looking at some of the docs. Not something I look forward to using,
though it looks like it may be required in future versions of debian,
luckily debian has a long release cycle so it may be upwards of 1-2
years before I have to worry :) by then it may of gotten better.

If you do use LDAP, and you use libnss-ldap(to lookup account info
in the LDAP database for stuff like finger, ssh, etc) you cannot
use cyrus 2.x. There's a library conflict w/sasl which totally
hoses the system. Which is one reason why I won't be using cyrus
2 anytime soon. I'd expect this issue to be eventually resolved
perhaps in the comming year or 2, especially as more users start
to use this new sasl library, LDAP authentication is becomming
more common.

> Hm, courier is fairly easy to setup, but it's slow on larger
> mailboxes. It's ok with only a few users, but nonetheless you'll
> probably not be happy with it on larger mailboxes.

thats good to know, I haven't tried it myself, I migrated my last
company from UW IMAP to Cyrus(upgraded hardware at the same time),
my boss did some testing and noticed a near 20x improvement in
performance for large mailboxes(10k+ messages). Since i use webmail
I need to keep folder sizes small(folders I routinely access I try
to keep under 500 messages, my archive folders have 1500+), just so
that folder access is near instantaneous. If you use a mail client
which caches data such as netscape, mozilla, and I think even outlook
caches data, response time will be near immediate for even huge
mailboxes. Keep in mind to use a good file system or at least tune
your filesystem if you plan to have tens/hundreds of thousands of
small files. I hear reiserfs is good for this.

>> > + What's the best way to do backups and restores?
>>
>> just tar up the user's mail folder(/var/spool/cyrus/mail/user/$USER).
>
> Can exim be suspended somehow so that it keeps incoming mails in the queue
> instead of delivering it during backup or recovery operations?

not sure, haven't used exim myself, when I did migrations I just stopped
the SMTP server, if you time it right(e.g. with scripts) you can migrate
a mail box in maybe 10 seconds, hardly noticable. When I was doing real
time migrations I would use rsync, and have it update everything then
run the cyrus commands to rebuild, could sync 20 mailboxes in ~25-30
seconds(via T1 link over VPN to the other side of the U.S.)

> Uh! What are you doing with so many accounts? Isn't it easier to have
> server side filtering to direct mail into appropriate folders?

cyrus 1.5 has no such support. And even if it did, there really is
no way to determine what address the email was sent to. especially in
the case of spam. Newer mail servers add something like a Delivered-To:
header(perhaps exim does, I use postfix) but my current installation
does not provide such information, so I cannot rely upon something like
procmail or sieve to filter mail. I personally find it useful to see
what email addresses recieve what spam, and by having each email box
have it's own account, it makes it impossible(?) for incorrect filtering.

and as an added bonus I can recieve email without seeing it in my
client(some email addresses I check only a few times a year).

also keep in mind cyrus is generally a one way trip, I haven't seen
any tools that allow for easy migration away from it. when I migrated
from UW imap to cyrus I had users manually copy their email(using their
IMAP clients) to the new system, it worked well. I gave them about a 2
month grace period. If you have a lot of users this may not be an
easy solution(my company had ~50 employees at the time). There was
a script that allowed for automated migration but it was marked
experimental at the time so I didn't risk it, did the migration
manually. Cyrus did not accept messages with null bytes in them so
some mail had to be lost(or printed), but maybe 1 in 20,000 messages
had a null byte, wasn't an issue for any of the users. I think there
was only 2 or 3 messages that were affected accross the entire userbase
I had.


nate

Reply to:

Follow-Ups:
- Re: Building an IMAP server
  - From: Hans Wilmer <lee@yun.yagibdah.de>

References:
- Building an IMAP server
  - From: Hans Wilmer <lee@yun.yagibdah.de>
- Re: Building an IMAP server
  - From: Dave Carrigan <dave@rudedog.org>
- Re: Building an IMAP server
  - From: Hans Wilmer <lee@yun.yagibdah.de>
- Re: Building an IMAP server
  - From: "nate" <debian-user@aphroland.org>
- Re: Building an IMAP server
  - From: Hans Wilmer <lee@yun.yagibdah.de>

Prev by Date: Re: no PPP after Kernel Compile
Next by Date: Re: mounting filesystems
Previous by thread: Re: Building an IMAP server
Next by thread: Re: Building an IMAP server
Index(es):
- Date
- Thread