Building mail system
This description is based on my experience, which I gained during mail system implementation on University of Silesia (Katowice/Poland). In the first stage there was about 3 000 of users, now the system is handling about 40 k of mail users. Whole system (exluding Sophos AV) is based on Open Source software. Their main components are:
- 3 servers Dovecot, which provide access to mailboxes via IMAP and POP3, mail delivery via LMTP protocol, mail filtering with Sieve mechanism, filtering management via ManageSieve and user authentication (AUTH) for mail submission;
- 2 servers Postfix, one for sending and receiving mail from Internet with SMTP, filtering connections, performing AV and AS scan, and the second one for mail submission (after authentication) and delivering messages to local users via LMTP protocol;
- 7 instances of LDAP directory services as data source for mail system and other services. Two OpenLDAP servers with multi-master replication stores employees data, two OpenDJ servers with multi-master replication stores students data, another two OpenLDAP servers are acting as Meta Proxy to join data from both sources, and one server on Frontend to deliver address book;
- Amavisd-new as interface between Postfix and AV/AS scanners;
- ClamAV (daemon) and Sophos as AntiVirus scanners;
- Perl module SpamAssassin to spam tagging;
- Additional AntiSpam filters: Postgrey (abandoned in favor of postscreena embedded in Postfix), rbldnsd and fail2ban;
- Gnarwl which serves as autoresponder for virtual users stored in LDAP (abandoned in favor of Sieve possibilities).
- Webmail interface to access mailbox via web browser, eg. Horde or Roundcube
Above software was chosen because of high reliability, flexibility of configuration, security and scalability.
Dovecot server beside of IMAP/POP3 server has ability to act as user authentication server for Postfix (AUTH), has own mail delivery mechanism (deliver) and plugin mechanism, whereby can be extented with additional functionality, eg. quota which is delivered with Dovecot or filtering mechanism basing on Sieve, which can be easily compiled and installed into Dovecot. You can also create and install your own plugins.
Postfix is widely known SMTP server and Sendmail replacement. It’s reliable and flexible, you can easily equip it with AntiVirus and AntiSpam filters, header checks, RBL, DNSBL etc. It’s also very flexible in terms of data sources and maps. They can be stored in flat files, BerkeleyDB, sqlite, MySQL, LDAP etc.
LDAP (Lightweight Directory Access Protocol) is known as scalable and very fast data access. It’s also very flexible to schema extensions and addition of own attributes. LDAP can be used as data source to different applications. I’ve found that OpenLDAP was good enough for few thousand of entries, but there was some issues with Multi-master replication mechanism when several dozen of entries comes. Then, my friendly specialist who is implementing a large-scale LDAP systems recommends me OpenDJ server, which is successor of OpenDS project developed by Sun Microsystem.