Setting Up a Linux Email Server in an NT Domain
Last Updated on 4 Dec 2004
Within these pages I attempt to document what I am doing to set up a Linux email server that gets user information from a Windows NT server. The main reason for doing this was to get rid of Microsoft Exchange. Not because Exchange wasn't working, though I have encountered problems with it, but because we were not using all of its features and, being a small company, we really cannot afford it. This does not mean we will not be making the appropriate donations once we settle on the packages we will be using.
If you are interested in building an email server without the NT part, just skip the samba stuff and also see the links at the end of this page.
These pages are currently a work in progress as I try different packages and configurations.
Our requirements
1. No or very few extra steps when adding and removing users from the domain via NT.
2. Ability to back up and restore individual users' email boxes without costly additional backup 'plug-ins'.
3. Spam filtering. Preferably with RBL lookups, white lists, and individual user preferences.
4. A public mailbox readable by the 'Domain Users' group and writable by a PublicFolder group.
5. System-wide address book(s).
6. Access via the web for traveling folks.
7. Virus scanning of all email as it arrives.
8. An email client not as prone to vulnerabilities as Outlook is (which is sort of a separate issue).
With Exchange 5.5 you can do everything except #2 (that I've found doing disaster recovery). Also, spam filtering requires expensive third-party add-ons or the solution I came up with using LRP and Exim.
What I came up with
OS = Red Hat 8.0
Decided to use this mainly because I am the most familiar with it. No, I'm not switching to 9 and I haven't had time to play with Fedora yet.
Samba
For communication with the NT server that we are keeping, for now.
MTA = Exim 4.x
Went with Exim after I got a feel for it on the LRP firewall. Most folks seem to use Sendmail.
IMAP = Courier's imap server
Another alternative is University of Washington's imap server (uw-imap).
This comes default with Red Hat, but I had to build my own to do something special.
Web Server = Apache
I had long considered switching our IIS to Apache. It is a really nice web server.
Web Mail = Squirrelmail
Another alternative is Horde IMP. I really like this package, but there are some things that irk me a little.
Anti-Spam = Spamassassin
I like its configuration options. Exim can do RBL and white list as well.
Anti-Virus = ClamAV
InoculateIT is our AV software, but we need to upgrade to get Linux support. For now, ClamAV is working fine.
System-wide address books = openLDAP with PostgreSQL database as a backend
We needed to be able to use our contact information with MS Access and I wanted to eliminate keeping information up to date in two places. If we didn't need this I would only use LDAP. MySQL can also be used.
Email client (aka MUA) = Thunderbird
I tried/wanted to use Pegasus. It would have worked, but it needed to be a fairly user friendly system (read switching Outlook users). I feel that its imap integration is still a little rough around the edges from a basic user standpoint, though I have heard that this part is soon to be rewritten. Thunderbird is working fine, so I doubt I'll switch once Pegasus is cleaned up.
Configuration Steps
In the following pages I have tried to outline what I have done. If a component did not meet my requirements but I had it working, I will leave the steps for others. Most of this you can do with RPMs, but in a few cases you need to build the packages. If you have never messed with Linux, it is not as hard as you might think. Because my test server, an old workstation, only has a total of 1.3 gig of hard drive space, I have not installed X-Windows. Everything is done via the command line or through Webmin.
Note: The order listed below is not necessarily the order you have to install the packages. For instance I list LDAP last, but if you need Exim with LDAP support then of course you will need LDAP installed first. Also there may be components you do not need, such as webmail access which would knock out Apache, PHP, and Squirrelmail or Imp. And, too, there are other components that do the same things such as using sendmail instead of Exim.
Install Linux
Download or buy the flavor of your choice. Red Hat is here.
The list of packages I installed on the test box for Red Hat 8.0 is here.
Setup Samba and Winbind
This is only required if you want to get user information from an NT server. There are many other ways to store users that a mail server can make use of.
Unsuccessful attempts with Samba 3.0 alpha 21 and Samba-TNG.
Install and configure antivirus
This page has some install notes on a few packages available and links to others.
Build and Setup Exim 4.x *New: Building RPMs*
For virus and/or spam detection:
Patch into Exim and Setup exiscan (read before building Exim)
or
Install and Setup MailScanner
Build and Setup UW or Courier's IMAP *New: Building RPMs*
You can use the Red Hat RPM for UW if you do not want the ability to auto-create user directories on login via pam.
Setup Apache and PHP4
Using Red Hat's RPMs for now.
Setup SSL Certificates on Apache
Some of my notes on setting up Apache
I'll go more into the configuration at some point. For now see the respective package's web site:
Apache
PHP
Setup a system-wide address book
Setting up PostgreSQL & ODBC *New*
or
Setting up MySQL & ODBC
then
Setting up openLDAP with back-sql *New: Building RPMs, v2.1.x, PostgreSQL*
Install and configure webmail
Install and configure Squirrelmail
This comes with Red Hat 8.0, but the RPM expects sendmail (use the --nodeps option). There are a few things in here that might help if you go with the RPM, and it changes fairly quickly, so learning to install is not a bad idea.
or
Install and configure IMP
Install and configure spam detection by keyword
to come shortly