Packages & Conventions

A consumer-grade mail server is a big project. It involves a lot many packages, working together to deliver desired features.

For every needs we have multiple choice. So to make mailserver setup & management easy, we try to use same packages for all client servers.

Packages:

Below is list of package used and features they provide.

  1. Postfix – mail transfer agent (MTA). It sends mail from your server and also processes incoming email. When I reply to your comments on this blog, you get email notifications because of postfix.
  2. Dovecot – it provides imap/pop3 using which your mail client reads emails from the server. It also handles authentication (using mysql) and provides basic security and other mail-management related services.
  3. MySql – is used to store list of domains, virtual users/password, mail aliases, etc. Dovecot will use mysql-database to authenticate users.
  4. ViMbAdmin – mailbox administration web-interface to add/remove domains and mail users. This is an alternative to postfixadmin (in case you are aware of postfixadmin).
  5. Amavis – is a content-filter which checks email for spam & viruses using other packages.
  6. ClamAV – a free antivirus for linux. Its virus database is updated frequently. Please note that antivirus increases CPU load significantly.
  7. Spamassassin – is a spam filter. Spamassassin can learn automatically about spam on your server but as far as I know it currently doesn’t have any provision for user-specific spam preference.
  8. Sieve – is a mail filtering language. It is used to provide Gmail-style filters. A practical use case is – spamassassin can “mark” a mail spam but it gets delivered to Inbox only (or rejected). Its sieve filters (mostly global), which checks spamassassin’s “marking” and “move” mails from Inbox to Spam (or Junk) folder.
  9. RoundCube – webmail interface for mail-users. They can login using email-id and password. We will also add sieve plugin for RoundCube so users can create Gmail-like filters for their own use.
  10. Nginx – webserver for ViMbAdmin and RoundCube. As of now no special features of Nginx are used. We use nginx because we already have it on most of our server.

Above are main packages we are dealing with. These packages in turn needs many other packages.

Also, for amavis uses/handles spamassassin and sieve behind the scene so for basic functionality, you don’t have to worry about them.

Conventions:

Web-interface for ViMbaAdmin and RoundCube is delivered can be access using URLs like below:

Subdomain setup

  • vma.example.com – ViMbaAdmin (virtual mail admin)
  • mail.example.com – webmail interface for users (tribute to mail.google.com i.e. gmail.com)

Subdir setup

  • example.com/vma – ViMbaAdmin (virtual mail admin)
  • example.com/mail – webmail interface for users (tribute to mail.google.com i.e. gmail.com)

In both kind of setup’s nginx config will make use of alias directive.


3 responses

  1. Hi Rahul,

    Funny that you are doing this series on setting up a mail server. I just went through the whole same process on my server and have been living with it for about a month now. I am using mostly the same packages that you list above, including ViMbAdmin. However I did a couple things differently.

    • For performance and resource usage, I decided not to run Amavis, Spamassasin, and ClamAV and instead to use Dspam + PostGrey. Dspam is very light on resources and with a week or two of training, it works amazingly well at differentiating spam from good mail.
    • Using Dspam and a great Dovecot plugin called Dovecot Antispam Plugin (all available through apt-get on Ubuntu 12.04 – apt-get install dspam dovecot-antispam postfix-pcre dovecot-sieve), you configure a single “Spam” folder in the user’s IMAP account, and via sieve, Dovecot puts mail that Dspam thinks is spam into that folder. Training Dspam is then super-simple. If spam gets mistakenly delivered to the inbox, user moves it into the spam folder. If good mail gets mistakenly delivered to the spam folder, user moves it to the inbox. My experience is that after less than a week of training, Dspam is giving me 99% accuracy and barely using any resources on my server.
    • Postgrey is another very lightweight anti-spam tool. All it does is maintain a little database of senders to a given address and the first time mail comes to an address from a new sender, it delays receipt of the mail for 5 minutes by sending back a temporary error. Many spam engines will not try again, though all properly configured SMTP servers will re-try in a few minutes and then the mail will go through.
    • I am running OpenDKIM for sender authentication (along with an SPF record in DNS as well)
    • I do have quota support with web interface to change it via ViMbAdmin
    • I do not provide any user access to sieve filters at present.
    • I am not providing any webmail interface at present, so no Roundcube.
    • For security reasons, I also configured Nginx to only serve ViMbAdmin through an SSH tunnel, so I, as admin, am the only one who can access it.

    So far, everything is working great: better than I had hoped, and I don’t see any significant impact on resource usage on the server (where I am already hosting a bunch or wordpress sites). There are only two things that I am less than 100% satisfied with:

    1. The Dovecot package that you get on 12.04 via apt-get install is fairly old. I found a few more recent PPA’s backported to 12.04, but none that I felt comfortable enough with to use in production.

    2. I don’t know if you noticed but if you dig into the ViMbAdmin wiki on github you will see that they have been working on v 3.0 for some time and that the wiki says that v. 3.0 will have Apache as a hard requirement, so depending on how hard it is to adapt it to run under Nginx, we may be stuck with 2.x forever (I’ll never run the Apache pig on my box).

    If you are interested, I can provide you with sample configs for any of the stuff I mentioned above.

    — pjv (contributor to nginx helper wordpress plugin)

    1. @pjv

      Thanks for your nice & detailed feedback. 🙂

      These article were in draft from more than a month. We created them during last client project.

      We used to recommend Google Apps till there was a free edition (which we use ourself).

      Glad to know that you are using Vimbadmin as I was bit hesitant to replace it with postfixadmin – http://sourceforge.net/projects/postfixadmin/ (my old choice till sometime back). I tried Vimbadmin for first time though!

      I am aware of clamav CPU load and I added warning for same here – http://rtcamp.com/tutorials/mail/server/amavis-spamassassin-clamav/

      I came across DSPAM also but since spam assassin already working for me, I added it to future experiments list. I think its clamav which makes big difference to CPU load.

      I did not like idea of postgrey’s bouncing mails for first time sender. I was looking for a solution where I could connect spamassassin to postgrey. Postgrey will bounce for first time sender only if spam filter flag this new sender.

      I also added DKIM – http://rtcamp.com/tutorials/mail/dkim-postfix-ubuntu/ and SPF – http://rtcamp.com/tutorials/mail/spf-records/.

      I noticed new dovecot version as well but couldn’t find any launchpad build for 12.04 LTS.

      That being said, I would really love to see your config (specially quota part). How would you like to share (my mail address is [email protected] )

      Also, we don’t need to worry about vimbadmin 3.0. I am not sure what apache-specific feature they plan to add but there are many alternative and that is least critical part of whole setup (IMHO).

      Reason for publishing everything in so many parts – http://rtcamp.com/tutorials/mail/server/ is that this whole thing will be added to http://rtcamp.com/easyengine soon (ref – https://github.com/rtCamp/easyengine/issues/65)

      Once we have this in easyengine, we can do what vimbadmin does from command-line. Also there is http://www.posty-soft.org/ (requires ruby).

      Thanks again for your time for detailed feedback.

      If you have any suggestion/improvement in any article, please send over. 🙂

      1. Sent you an email with quota config information.

        I experimented with ClamAV and you are correct that is what eats CPU. Given the amount of virus emails I have received in the past few years (hardly any) I decided that it wasn’t worth it. I may change my mind in the future. But in any case, I really like the simplicity and resource efficiency of Dspam a lot. And I actually think it works better (i.e. higher accuracy) than Spamassasin. That coupled with how easy and intuitive the dovecot-antispam plugin for training Dspam is, made it seem like a no-brainer to me.

        Although the idea of connecting postgrey to spamassasin as you write sounds very interesting, in practice, I find that postgrey works well out of the box and I don’t mind the minor annoyance of a little delay for first-time emails coming through.

        Thanks for pointing me to posty-soft. I thought I had found every web admin for dovecot there was, but I hadn’t seen it before at all. If ViMbAdmin ever becomes unworkable, I’ll definitely try posty.

ℹ️ Comments are closed.