Any Mail Admins Here?

Anyone here maintain a mail server? I’d like to share thoughts and swap ideas if so.

We currently use Scalix Community Edition for our corporate mail server with several different domains and in general, it’s pretty reliable. We had Scalix 11.4.1 on Opensuse 10.2. When that EOL’d and Scalix introduced 11.4.2, we had trouble getting Opensuse 11.0 to recognize the Broadcom NICs in our new Dell server, so we switched to CentOS 5.2. As soon as we can, I want to move back to Suse (preferably Suse Enterprise, if I can swing it in the current economy).

So, in no particular order:

1. What mail system are you using? We’re reasonably happy with Scalix, but we’re eyeballing Zimbra. Any opinions would be welcomed, even if you’re just using your local ISP’s mail service.

2. We were able to dramatically reduce the load on our dedicated DSL to the mail server by using the 2nd NIC in the Dell server to provide a “back door” for local users. Those who fit the profile (desktop, not a mobile computer; don’t mind entering “192.168.x.x” instead of “mail.domain.com” in their client settings; etc.) enjoy a lightning-fast connection – you can upload a 10MB attachment in about 2 seconds!

I’d be interested in hearing thoughts from others, if there are any mail admins lurking here.

Well I don’t do much with mail servers these days. I admin a server with about half a dozen users on OpenSUSE using postfix, dovecot, amavis, etc. Don’t have to do anything unless something breaks; once in a while a stale lock file jams amavis, this is an old bug fixed long ago, just waiting for a non-factory 11.1 kernel to upgrade that server.

In a previous life I managed an ISP server on Debian using postfix and qpopper. Again not much to do once working.

Oh almost forgot, manage another mail server with virtual hosts and virtual users on Debian. Again, close to zero work once set up.

Sorry, no experience with all-in-one packages like Zimbra or Scalix. There’s also the Clarkconnect distro which puts together an integrated mail service with a web interface running on a dedicated (CentOS) box.

If it works, why not leave well enough alone. There’s no need to change over to OpenSUSE if it works fine on CentOS or whatever. Especially if the package takes over the whole machine.

If you had split horizon DNS, you could make that “backdoor” a properly working setup and they could use the same domain name for the mail server, inside or outside, which is especially good for road-warriors.

I hadn’t heard of Clarkconnect. I looked at them, and they’re intriguing. I may look at them further.

If it works, why not leave well enough alone. There’s no need to change over to OpenSUSE if it works fine on CentOS or whatever. Especially if the package takes over the whole machine.

I prefer Opensuse simply because that’s what I’m most familiar with – especially Yast. CentOS isn’t nearly as easy to configure. The firewall tool, for example, pinholes the same ports in both NICs; there’s no easy way to open, say, port 25 on one interface and some other port on the 2nd one. Plus, most of Cent’s config tools are GUI-only (in particular, the “add/remove users” thingie). That crimps my style a bit in SSH.

As for Scalix, it works, we’re reasonably happy, but it … creaks, I guess I’d say. It started life as HP Open Mail many years ago and changed hands a couple of times before being picked up by Xandros. Most of the tools are CLI jobs that have byzantine config options. On some utilities, you specify a user name with “-n,” on others, “-u.” It’s also extremely anal about user names – it won’t accept regular expressions, and partials will give an error if there’s more than one user who might match the partial spec!

(Ex: if I enter “stephen,” I’ll get an error, because there’s more than one Stephen in the company. If it would list all, or better yet, say, “which ‘Stephen’ do you want?” That’d be a lot nicer.)

If you had split horizon DNS, you could make that “backdoor” a properly working setup and they could use the same domain name for the mail server …

Right. We’ve been too busy to do that (we may try today). Given how nicely the 2nd NIC “back door” worked, it’s definitely on the schedule.

Forgot to mention the biggest reasin why we’d consider moving from Scalix. It “creaks” because it hasn’t kept up with the times. For example, it actually chooses the name of the mailstore directory from the first and last characters of the hostname on the server machine. (Ex., ours is “pop,” so the directory is “pp.”) That was probably OK 10-15 years ago when a bare sendmail or postfix setup was the norm, but it’s a little behind the times nowadays.

Another big reason is just how blamed difficult it is to set up SSL access to Webmail. The How-Tos in the Scalix Wiki are inaccurate and outdated. It may be an “all in one” package, but it sure doesn’t feel integrated; it’s a conglomeration of stuff that (usually) works together, each with its own rules and config style. For example, I’ve learned the hard way not to try to stop is with a simple “omshut” command. I do the following:

omshut -t 3
service scalix stop
service httpd stop
service sendmail stop
service ldapmapper stop
service scalix-tomcat stop
service scalix-postgres stop

Now, at 1 in the morning, it’s easy to forget one of those, or get one out of order.

Well you don’t have to use GUI tools to manage Linux user accounts, you can use useradd, userdel and usermod.

I can recommend dovecot highly (but get a newer kernel than the one on the 11.1 DVD, it has an inotify bug that kills the machine if you are running dovecot or samba). Coupled with squirrelmail or horde, you have your webmail. Run it over SSL with Apache and there’s your secured webmail. Takes a fair bit of setup though, hence the attraction of specialised distros with fancy web admin. Another distro you might consider is Endian.

Of course. But as I’ve said many times elsewhere, I prefer GUI tools for something like this. I like being able to look at a list of users while I’m working with them. I enjoy being able to see at a glance, on one page, how many people are members of the group “sftponly.” The deep, dark secret of those who use command-line tools for user and group work is that, if they’re dealing with a large number of names, they have to use paper and pen to keep up with things. (Or, if they’re more advanced, they use a spreadsheet and update it each time they make changes.)

Another distro you might consider is Endian.

Looks like Endian is just a firewall/gateway. We use IPCop and pfSense.

• smpoole7,

Novell Groupwise. IMHO top notch when it comes to reliability, stability, ease of administration.

Uwe

I’m sure it is. It’s also way, way, WAY out of reach for our budget.

(That’s why we’re using the open-source “community” version of Scalix.)

Actually they probably use LDAP for the auth base and a LDAP management tool.

Looks like Endian is just a firewall/gateway. We use IPCop and pfSense.

Actually it does have mail server capabilities but it is primarily a gateway and may take a bit of adaptation for use as an inside server.

http://www.endian.com/en/products/features/mail-security/

Ken,

We’re trying Clark Connect now. If we like it, we’ll get the Enterprise version and run with it. Thanks again for the tip.

• smpoole7 wrote, On 02/18/2009 08:46 PM:

> I’m sure it is. It’s also way, way, WAY out of reach for our budget.
>

Next time try masking being a cheapskate with “<spit> That’s closed source!”

Uwe

Hope it meets your needs. A friend of mine ran a home firewall and mail server with the community version for years until the computer broke down (I got the box, it turned out to be a burnt out AGP video card), but by this time various family members had switched to gmail and no longer needed to share a single mailbox at the ISP.

Nah, I’d rather be honest. I’m not opposed to closed-source solutions, as long as they’re reasonably priced.

My attitude is the same as Linus Torvalds’: “you use what works.”