On Monday, April 12, 2004 11:32 am, Rob Becker wrote: > I'm looking to build out an email server to serve webmail and pop or > imap. What combinations have you used and liked? What's a good server > for security and stability? What webmail packages do you like? How > about virus scanning and spam filtering? Any thoughts, opinions, links > appreciated.   I've built a couple of RedHat 7.x servers using the default RH packages for Sendmail and ipopd. They have been very stable, and security has been good. The only problem is that they are getting a bit out-dated now, since RH doesn't supply patches, and trying to install new software can be a problem because the packages the software depends need to be more recent versions.  You need to look carefully to make sure that everything you want to do will integrate with the packages you choose. Some mailing list managers will only work with certain mailers. Sendmail is the most common MTA, and you will find more packages that work with it than with the "alternative" MTA's. Most of them will emulate sendmail for compatability. Rumors of sendmail's insecurity are several years out of date, and are due to the fact that sendmail dates back to when the entire internet was pretty much without security. Some older systems weren't updated soon enough, and gee, they were running sendmail. Sendmail can do a LOT of different things, and therefore the configuration for it can be very difficult to understand. Using a binary package from a good distro will help here. Sticking with sendmail on a known distribution will also be easier because most documentation assumes that you are configuring sendmail, probably on RedHat. RH derivatives such as Mandrake and SuSE are very attractive if you're not into re-coding and re-compiling everything yourself, if you want a system that will pretty much run "out of the box" without a lot of time searching for active chat rooms and useful mailing list archives. Squirrelmail is ok if all you want to do is web mail. I've used the Horde system, which has good abilities for other options such as account management, calendars, address books, etc. It can also be configured to use a different server from the web server as the mail server, or to allow users to connect to any mail server where they have a POP or IMAP account. Unfortunately, Horde is in the midst of a complete re-write just now. They are bringing out the release candidates for the new structure, which I haven't worked with, and it's not entirely clear that everything you need to actually get the older version Horde working is available from their servers. Still, it's worth looking into, especially if you're interested of something that can be more of a portal than just a webmail server. I use John Hardin's Procmail Sanitizer (http://www.impsec.org/email-tools/procmail-security.html) which catches dangerous executables and attachments, and can also strip risky HTML out of messages, and spamassassin, which is currently catching just under 80% of traffic as spam with no false-positives. Horde: www.horde.org Spamassassin: www.spamassassin.org Sanitizer: http://www.impsec.org/email-tools/procmail-security.html Securing your system in general, along with good tutorials about Firewalls, sendmail, etc.: http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html I've been very happy with RH7, sendmail, and Horde. If I were building a new server it would be SuSE 9x, sendmail, and possibly the new Horde.