[PLUG] Email on Linux vs MS

Karl M. Hegbloom karlheg at pdxlinux.org
Thu Dec 5 11:11:42 UTC 2002 

On Wed, 2002-12-04 at 16:41, stuart mathews wrote:
> Sorry for this vague request.  I am looking for some direction.

They went that-a-way, pardner!

> An associate of mine and I are trying to help someone identify the optimal path
> for creating a custom-built email system that will forward / route lots of emails.
>  She had assumed the solution would be deployed on Microsoft technology.  As
> a Linux newbie, my instinct is telling me the would be better served to deploy
> this solution on Linux, but I don't know enough about email systems or Linux.
> 
> 
> Can someone give me some pointers on why Linux would be superior for this?

I cannot make a comparison between the Microsoft platform and Linux, or
between Linux and commercial Unix, since I have only experience with
Linux.  I do have some experience with both Sendmail and Exim 3 however.

Sendmail
========

Sendmail has a bad reputation amoung some, and a good one amoung
others.  Many people believe that it is difficult to configure.  On a
recent Debian GNU/Linux installation, Sendmail is a lot easier to use
than it is on the Red Hat setup I examined.  The reason for this is that
the Debian maintainer has put an aweful lot of work into making it easy
to use.  If you must use Sendmail for some reason, then Debian is the
platform of choice for it.  (But look into Exim!)

There is a pretty decent "sendmailconfig" script that asks some
questions and builds a starter "/etc/mail/sendmail.mc" for you, for
instance.  That happens automaticly when you install the package.  In
most cases, you don't need to do any more configuration at all.  Also,
there's a very good "/etc/mail/Makefile", and a "sendmail.conf" used by
the init.d scripts as well as some admin commands provided by the
package.  It allows you to configure multiple queue groups, and whether
to run Sendmail from inetd or as a daemon, and to run the queue from
cron or by the daemon.

If you never muck around with sendmail.cf (which is a major taboo since
that breaks upgrades) and only edit the sendmail.mc, trusted-users, etc.
files, you can just type "make" and it will rebuild the sendmail.cf and
all the lookup tables, then prompt you to restart the daemon.  To do
much customization, you will need to read the bat book.

Exim
====

Exim 3 (and Exim 4) is a lot easier to figure out.  The Sendmail book is
quite thick.  It's configuration language is turing complete...  You
could probably implement Sendmail Lisp in it.  The Exim book is much
lighter and less daunting.  There is also a great online documentation
for it that puts an index in a frame on the left and the text on the
right.  I think that Exim does everything you'll ever need and that
since it's a lot easier to figure out, you're better off with it.

It was fairly easy to get Spamassassin and Amavis + a virus scanner
working under Exim.  RTFM, and it's not hard to figure out.

Others
======

I never did figure out qmail, and it's licence is restrictive, so it got
crossed off the list right away.

Postfix seems to be popular amoung the Mandrake people -- I gather that
it's what MD installs by default.  Similarly, Exim is popular on Debian
machines, since it's their default mailer.  On Debian, Exim "Just Works"
for the vast majority of installations, with no configuration required
beyond the questions asked by it's postinstall script.

I found Postfix to be slightly more difficult to figure out that Exim. 
I never really could get Postfix to work right wrt header rewriting and
intranet domain masquerading.  Supposedly, Postfix's multi process
design is more secure than the monolithic Sendmail or Exim.  The
argument is that Sendmail runs as root, and so if there's ever a buffer
overrun exploit, you can get rooted.  Exim runs as "mail" on Debian, and
IIRC, Postfix also runs as a non-root user, as does qmail, so if they
get cracked, at least the attacker is not given root.

I personally have not ever gotten down and dirty into the source code of
any of them, so cannot really make any FUD free statement regarding
actual system cracker proof security.  I think that actual cracking of
servers is relativly rare anyhow.  Some people are way too paranoid
about that issue than they need to be, IMO.  But that's how they make a
living.

IMAP
====

For IMAP, I've used only uw-imapd, since it Just Works out of the box
with standard login accounts.  It is what is used on
drizzle.pdxlinux.org.  The only configuration I had to do was to have it
allow plain passwords (but only over SSL) and to put the folder base in
the user's "Mail" directory to keep $HOME tidy.  A simple "apt-get
install uw-imapd" gets it up and running in short order.

For a dedicated email server where mail is expected to be kept on the
server and accessed via IMAP, and where the vast majority of users will
not have login access to that server, then Cyrus IMAPd is generally what
people use.  It is non-trivial to get up and running...

Cyrus IMAPd (via SASL) can be set up to obtain authentication data from
an Active Directory or LDAP server on your LAN, if you install the right
packages.  (Everything you need for that is part of Debian GNU/Linux,
already built and ready to install and use. You'll need libpam-ldap and
libnss-ldap, I'd guess...  I have not actually finished my research in
this area and have not yet configured a Cyrus IMAPd.)  It can also
obtain authentication data from the standard passwd database, or with
the kerberos system.

Cyrus supports the SEIVE server side mail filtering language.  I believe
it is the first IMAP to do so.  I have not used it...  Cyrus also lets
you set up shared mail folders.  Such a folder could be used to
implement rudimentary shared calendaring, by using the normal
peer-to-peer but emailing to a shared mailbox where everyone must check
in and update their Evolution calendar manually from the messages left
there.

There is also a suite called Courier that looks promising.  It has SMTP
and IMAP, plus calendaring, and web mail.  All are available from
Debian, so you can quickly try them that way if you like.  (Did I
mention that I'm a Debian advocate?)

Mail Server
===========

If it was me, I'd start with a minimal Debian 3.0 (Woody/stable)
install, and go with Exim 3 and either Cyrus IMAPd (harder) or uw-imapd
(easier, less capable) depending on how many users, etc.  I would
install Apache 1.3, optionally with libapache-mod-ssl, and Squirrelmail
for web email access.  Since Squirrelmail accesses the mailboxes via
IMAP, it should play well with other mail user agents that also use
IMAP.  I have not done much wrt testing uw-imapd with multiple clients
on the same account concurrently...  I would imagine that Cyrus is much
better in this area.

More information about the PLUG mailing list