# filtering on a mail server

## seringen

Hi everyone, I'm in the planning stages of setting up what i would like to be a nice mail server with virtual mail hosts, imap, web mail et al.  

I've read the two gentoo Virtual Mail howtos, and sifted through google and the forums for probably days now, but I still have lots of questions. 

I'm asking these here because I after I set it up, I want to mainly just forget about it, i.e. preferably just use emerge.  However I want a really great setup for many of the same reasons- It works so nicely I don't have to fiddle with it too much, and it makes all the other users happy.  There's just too many ways to kill a spam or sort an email these days!

1.  Filtering options:  spam-assassin, crm114, bogofilter, etc.  What should I use, really?  I heard that Spam Assassin now can use crm114, is this true?  out of the box?  Is it totally overkill now there are things like bogofilter? What's the most brilliant, hopefully easy to use option?  There's so many options!

2.  I read about SPF http://spf.pobox.com/ and thought that it was a pretty great thing.  I don't like the idea of white lists and black lists.  I think qmail has support for it, can I use it in conjunction with other filtering?  Using qmail or postfix?

3.  Really, should I use postfix or qmail.  They both seem great, which one will have better gentoo support and/or will work better with SPF/CRM114 or whatever you recommend.

4.  I like the idea of not only web mail, but also calendaring and or contacts that can back up to a web interface.  Is IMP/horde my only option?  I've looked, but darned if I know.  I'm open to squirrelmail, but i was confused over which plugins actually were good.

Thanks a whole lot for your suggestions, I'm really open to anything and will reconsider anything. I look forward to hearing from from the community.  I heartily apologize for my ignorance.

----------

## georwell

I can tell you what I use and recommend...

Cyrus-imapd:  ACLs, SIEVE support  (IMAP Mail Filtering language, RFC, Internet Standard), blackbox system, virtual host support, distributive architecture, quota support, and lots lots more.  Courier-IMAP is a good alternative but I have never used it.  I use cyrus in all my production environments and it scales incredibly well and I have never had a problem with it.

Webmail:  Squirrelmail with AVEL-Sieve plugins, mail quota reporting, folder options, and others

Spam Filtering:  SpamAssassin

Virii: Sophos, if you have a large base of users who use windows this is a must.  Do not be afraid to pay for good anti-virus software for the mail server, if you have to admin a windows network. 

MTA: Sendmail, an oldy but goody.  Sendmail can do anything and is very very useful for complex mail problems.  Postfix and Qmail are good, but I have never used those either so can't vouch for them.  Use STARTTLS and require SMTP-AUTH for mail relay.

MailScanner:  The most underated/unadvertised opensource project all of time.  Ties, Sendmail/Postfix, anti-virus, and spamassassin together.  This is one of the best programs I have ever found and should be a default install for all mail servers.  Combined with SpamAssassin and a virus scanner (it supports virtually all virus scanners) you can setup system wide spam detection and virus protection.  As soon as my-doom, klez, virus of the month appears, add it to your delete virus list and MailScanner will delete it or quarantine the email depending on what you want and it will never reach your users.  VERY VERY handy.  

SPF: I have setup SPF for my domains and I do believe SpamAssassin will have support them in the future.  (Does it have it now?)  But not many people do this yet so it is of limited value right now.

LDAP:

Combine all of this using SASL and ldap for central auth, global address book and you have quite a powerful/scaleable server ready to go.

TODO:  Check out kroupware and see if it truly is the exchange replacement that it claims to be.  (Calendaring etc...)

----------

## seringen

Thanks for your response, georwell.  The mail server *shouldn't* be so high volume where i'm worried about distributing the load (although of course there will be backups).  

This is apart from the corporate mail system, although because of the corporate one, most everyone is already running sophos on their machines, but I want to be able to show what can be done on the cheap. (although I agree, sophos is great)  It's sad seeing a server room so full of sun's and sgi's and random linux and then have the important network functions be mostly windows boxes!

I'm highly disinclined to use Sendmail due to the last time I bothered with Sendmail, although when it isn't a major security risk, it works nicely.

I've heard good things about Mailscanner, but not a lot about mail scanner.  Does anyone have anything to say about it in comparison to other programs?  It strikes me that Mailscanner in the way it works is pretty much a layer on top of spam assassin, since it seems to call spam assassin modules directly.  If spam assassin is really the only way to go, i'd be ok for it, but I'm hesitant to tie myself down into a somewhat less modular system. 

I have a lot to think about now, please others reply, too.  I basically want to turn this baby loose and then not look back

----------

## dgt84

I'm using postfix and it was simple to set up, and just works. I've updated my domain's TXT records for SPF, but I think it will be a bit before I can get SPF working with Postfix (seems to be very experimental at the moment). Also, spamassassin is a must  :Smile: 

I would say that you should use the correct tool for the job. My mail server only has a handful of addresses for friends and family, while others have thousands. I'm sure postfix can handle most situations, but if you find qmail simpler to setup or administer, I say use it (I've never tried qmail, but heard it was very easy...). I would definitely only use Sendmail as a last resort though; it's a beast.

----------

## alterself.com

I use postfix + amavisd-new + clamav + spamassassin to filter and relay to an internal exchange server. has been working great for months now.  :Smile: 

----------

## jkcunningham

I did some comparative testing of spam filters last weekend and came up with some interesting results. I've been using both bogofilter and SpamAssassin (in parallel) for over a year. I had started noticing that an increasing amount of spam was getting through and wanted to double check I had things set up properly (it was). 

So I went through my email and built a corpus of 8260 unique 'ham' and 3924 'spam' and cleaned out all the filter markup tags.  Then I ran the filters on them for scoring. SpamAssassin by itself was only performing about about 92% detection level (with 0 false alarms). Bogofilter ran at 87.9% detection and  0.06% false alarm. 

Then I downloaded spamprobe - another Baysian filter written in C I have read about recently. Spamprobe scored 99.64% detection and 0.01 % false alarm. 

Too bad spamprobe isn't in portage.  It appears to be by far one of the best spam filters available. I've reconfigured my filtering system now so it runs just the C-codes - spamprobe and bogofilter - in cascade. So far nothing has gotten through. 

-Jeff

----------

