{"id":373,"date":"2012-08-13T17:27:23","date_gmt":"2012-08-13T17:27:23","guid":{"rendered":""},"modified":"2015-12-12T16:48:28","modified_gmt":"2015-12-12T15:48:28","slug":"budowa-systemu-pocztowego","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/budowa-systemu-pocztowego\/","title":{"rendered":"Building a mail system"},"content":{"rendered":"<p>This description is based on experience I gained while implementing the mail system at the University of Silesia (Katowice\/Poland). In the first stage there were about 3 000 users; now the system handles about 40 k mail users. The whole system (excluding Sophos AV) is based on Open Source software. Its main components are:<br \/>\n<!--more--><\/p>\n<ul>\n<li>3 <a href=\"http:\/\/www.dovecot.org\">Dovecot<\/a> servers, which provide access to mailboxes via <b>IMAP<\/b> and <b>POP3<\/b>, mail delivery via the <b>LMTP<\/b> protocol, mail filtering with the <b>Sieve<\/b> mechanism, filter management via <b>ManageSieve<\/b> and user authentication (<b>AUTH<\/b>) for mail submission;<\/li>\n<li>2 <a href=\"http:\/\/www.postfix.org\">Postfix<\/a> servers: one for sending and receiving mail from the Internet over <b>SMTP<\/b>, filtering connections and performing AV and AS scans, and the second one for mail submission (after authentication) and delivering messages to local users via the <b>LMTP<\/b> protocol;<\/li>\n<li>7 instances of <b>LDAP<\/b> directory services as the data source for the mail system and other services. 
Two <a href=\"http:\/\/www.openldap.org\">OpenLDAP<\/a> servers with multi-master replication store employee data, two <a href=\"http:\/\/opendj.forgerock.org\/\">OpenDJ<\/a> servers with multi-master replication store student data, another two OpenLDAP servers act as a Meta Proxy joining data from both sources, and one server on the frontend delivers the address book;<\/li>\n<li><a href=\"http:\/\/www.ijs.si\/software\/amavisd\/\">Amavisd-new<\/a> as the interface between Postfix and the AV\/AS scanners;<\/li>\n<li><a href=\"http:\/\/clamav.net\">ClamAV<\/a> (daemon) and <a href=\"http:\/\/www.sophos.com\/\">Sophos<\/a> as AntiVirus scanners;<\/li>\n<li>Perl module <b>SpamAssassin<\/b> for spam tagging;<\/li>\n<li>Additional AntiSpam filters: <b>Postgrey<\/b> (abandoned in favor of <b>postscreen<\/b>, built into Postfix), <b>rbldnsd<\/b> and <b>fail2ban<\/b>;<\/li>\n<li><a href=\"http:\/\/www.onyxbits.de\/gnarwl\">Gnarwl<\/a>, which serves as an autoresponder for virtual users stored in LDAP (abandoned in favor of Sieve&#8217;s capabilities).<\/li>\n<li>Webmail interface to access the mailbox via a web browser, e.g. <a href=\"http:\/\/horde.org\/\">Horde<\/a> or <a href=\"http:\/\/roundcube.net\/\">Roundcube<\/a><\/li>\n<\/ul>\n<p>The above software was chosen for its high reliability, flexible configuration, security and scalability.<\/p>\n<p>Besides being an IMAP\/POP3 server, <b>Dovecot<\/b> can act as the user authentication server for Postfix (AUTH), has its own mail delivery mechanism (<b>deliver<\/b>) and a <b>plugin<\/b> mechanism through which it can be extended with additional functionality, e.g. <b>quota<\/b>, which ships with Dovecot, or a filtering mechanism based on <b>Sieve<\/b>, which can be easily compiled and installed into Dovecot. You can also create and install your own plugins.<\/p>\n<p><b>Postfix<\/b> is a widely known SMTP server and Sendmail replacement. 
It&#8217;s reliable and flexible; you can easily equip it with AntiVirus and AntiSpam filters, header checks, RBL, DNSBL etc. It&#8217;s also very flexible in terms of data sources and maps, which can be stored in flat files, BerkeleyDB, sqlite, MySQL, LDAP etc.<\/p>\n<p><b>LDAP<\/b> (Lightweight Directory Access Protocol) is known for scalable and very fast data access. It&#8217;s also very open to schema extensions and the addition of custom attributes. LDAP can be used as a data source for different applications. I&#8217;ve found that <b>OpenLDAP<\/b> was good enough for a few thousand entries, but there were some issues with the multi-master replication mechanism when it came to several dozen entries. Then a specialist friend of mine, who implements large-scale LDAP systems, recommended the <b>OpenDJ<\/b> server to me, which is the successor of the <b>OpenDS<\/b> project developed by Sun Microsystems.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Polish. For the sake of viewer convenience, the content is shown below in the alternative language. 
You may click the link to switch the active language.Opis systemu&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[110],"tags":[12,6,22,34,11],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-61","jetpack-related-posts":[{"id":374,"url":"https:\/\/drfugazi.eu.org\/en\/mail-system-implementation\/","url_meta":{"origin":373,"position":0},"title":"Mail system implementation","author":"drfugazi","date":"Thursday August 16th, 2012","format":false,"excerpt":"My experience, which I gained during implementation of different systems shows, that implementation should be done in stages. Then, at each stage you can see if it works, if there are some fields to improve and then go to the next stage of implementation. 
Mail system implementation is not exception.\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":231,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-uwierzytelniania-poczty-w-ldap\/","url_meta":{"origin":373,"position":1},"title":"Konfiguracja uwierzytelniania poczty w LDAP","author":"drfugazi","date":"Friday December  3rd, 2010","format":false,"excerpt":"Zak\u0142adam, \u017ce Dovecot i Postfix ju\u017c dzia\u0142aj\u0105 i mo\u017cna odebra\u0107 i wys\u0142a\u0107 poczt\u0119 loguj\u0105c si\u0119 na u\u017cytkownika systemowego (patrz poprzednie wpisy). Nadszed\u0142 zatem czas na uruchomienie uwierzytelniania w naszym katalogu LDAP (patrz konfiguracja LDAP). Wykorzystanie LDAPa do uwierzytelniania u\u017cytkownik\u00f3w pozwala na elastyczne zarz\u0105dzanie hostingiem poczty i nie tylko. LDAP jest\u2026","rel":"","context":"In \"Dovecot\"","block_context":{"text":"Dovecot","link":"https:\/\/drfugazi.eu.org\/en\/tag\/dovecot\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":226,"url":"https:\/\/drfugazi.eu.org\/en\/instalacja-systemu-pocztowego-na-ubuntu\/","url_meta":{"origin":373,"position":2},"title":"Instalacja systemu pocztowego na Ubuntu","author":"drfugazi","date":"Friday November 19th, 2010","format":false,"excerpt":"Zak\u0142adam, \u017ce system jest zainstalowany i posiada podstawow\u0105 konfiguracj\u0119 z uruchomion\u0105 us\u0142ug\u0105 SSH. Po zalogowaniu przyst\u0119pujemy do instalacji pakietu dovecot-postfix, kt\u00f3ry opisany jest jako w pe\u0142ni funkcjonalny serwer pocztowy: drfugazi@charr:~% sudo aptitude install dovecot-postfix [sudo] password for drfugazi: Czytanie list pakiet\u00f3w... Gotowe Budowanie drzewa zale\u017cno\u015bci Odczyt informacji o stanie... 
Gotowe\u2026","rel":"","context":"In \"Dovecot\"","block_context":{"text":"Dovecot","link":"https:\/\/drfugazi.eu.org\/en\/tag\/dovecot\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":365,"url":"https:\/\/drfugazi.eu.org\/en\/pigeonhole-implementacja-sieve-dla-dovecot\/","url_meta":{"origin":373,"position":3},"title":"Pigeonhole &#8211; Sieve support for Dovecot","author":"drfugazi","date":"Friday July  6th, 2012","format":false,"excerpt":"Overview Pigeonhole is the name of the project that adds support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP Server. In the literal sense, a pigeonhole is a a hole or recess inside a dovecot for pigeons to nest in. It\u2026","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":232,"url":"https:\/\/drfugazi.eu.org\/en\/konfiguracja-dostarczania-poczty-w-oparciu-o-ldap\/","url_meta":{"origin":373,"position":4},"title":"Konfiguracja dostarczania poczty w oparciu o LDAP","author":"drfugazi","date":"Saturday December 18th, 2010","format":false,"excerpt":"Ostatnio pisa\u0142em o konfiguracji uwierzytelniania u\u017cytkownik\u00f3w w katalogu LDAP aby mogli odbiera\u0107 i wysy\u0142a\u0107 poczt\u0119. Teraz czas na konfiguracj\u0119 Postfixa aby t\u0119 poczt\u0119 dostarcza\u0142 do w\u0142a\u015bciwych domen i skrzynek. Je\u015bli kompilujecie\/instalujecie Postfixa samodzielnie, to nale\u017cy pami\u0119ta\u0107 o wkompilowaniu wsparcia dla LDAP oraz wskazaniu \u015bcie\u017cki do bibliotek LDAP. 
Ja p\u00f3jd\u0119 na\u2026","rel":"","context":"In \"LDAP\"","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/tag\/ldap\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":348,"url":"https:\/\/drfugazi.eu.org\/en\/dovecot-2\/","url_meta":{"origin":373,"position":5},"title":"Dovecot","author":"drfugazi","date":"Monday June  4th, 2012","format":false,"excerpt":"Dovecot is an open source IMAP and POP3 email server for Linux\/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and it uses very little memory.","rel":"","context":"In &quot;Mail system&quot;","block_context":{"text":"Mail system","link":"https:\/\/drfugazi.eu.org\/en\/category\/mail-system\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/373"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=373"}],"version-history":[{"count":3,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/373\/revisions"}],"predecessor-version":[{"id":528,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/373\/revisions\/528"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","
templated":true}]}}