LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 03-23-2004, 11:45 AM   #1
grbeck
LQ Newbie
 
Registered: Mar 2004
Distribution: Suse 9.0
Posts: 3

Rep: Reputation: 0
Newbie needs SMTP relay


I'm basically a newbie to Linux/BSD, but I am a network engineer over 10 yrs with focus on Novell. I would like to shield my Novell/Groupwise email server behind OpenBSD smtp relay server, and would also like to add Spam and A/V filtering using open source options. My question is, is this something I could reasonably try to accomplish? I have been looking into Groupwise-specific solutions and had just about settled on something that will run about $700 plus $200 for annual maintenance, but some listserv postings regarding similar needs suggested OpenBSD/Postfix as a more secure solution.

I just started the OpenBSD install on an old system and planning on trying to get that working as a simple SMTP relay first. If that works, I will then test anti-spam/anti-virus filtering, and finally if everything is solid probably move the box onto better hardware. Also, currently using CA eTrust 7.0 for corporate A/V. Specs say it runs on Unix/Linux, is there a chance it will also work on OpenBSD?

Thanks for any help/suggestions/encouragement
 
Old 03-23-2004, 11:56 AM   #2
jsokko
Member
 
Registered: Mar 2004
Location: Phila, PA
Distribution: SuSE 9.0 / RH 9 / Slackware 9.1
Posts: 110

Rep: Reputation: 15
Use qmail / spamAssassin / clam. It's free but a pain in the arse to install properly.

Check out -- http://www.lifewithqmail.com

J
 
Old 03-24-2004, 12:19 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
There are lots of people who use Postfix (or sometimes Qmail) + Amavisd (or clamd is a lesser-used route) + SpamAssassin and it works reasonably well. It's not going to be anywhere near as effective as a commercial anti-spam solution, but if you're looking to do it "for free" than the above would certainly be free, from a software perspective.

Implementing it on OpenBSD makes it more interesting since you can use the pf(4) packet filter and spamd(8) in order to tarpit spammer connections (waste their resources).
 
Old 03-24-2004, 08:08 AM   #4
grbeck
LQ Newbie
 
Registered: Mar 2004
Distribution: Suse 9.0
Posts: 3

Original Poster
Rep: Reputation: 0
From Chort's post I'm gathering the ideal solution would be to go ahead with the commercial product on the Netware server, and use OpenBSD as a relay just to shield my SMTP server from a direct connection. (It's behind a firewall, but SMTP traffic is directly forwarded to the server). That will still take some time to get approval, so I'm probably going to go ahead and try to setup some filtering through OpenBSD anyway. I'll probably shoot myself in the foot if I get that working though, "why do we need to spend money if it's already being filtered?". But really, if it blocks even 85-90% of spam (and all viruses) I think my users and myself would be very happy with that.
Any really big disadvantages to using Suse instead of OpenBSD? Is it a bigger security risk, or not so much? As a Novell shop, I'm sure we'll be using Suse at some point down the road, so I'm going to need to start playing with it.
 
Old 03-24-2004, 12:44 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Actually it's much better to filter for spam at the gateway then on your groupware server (Groupwise, Exchange, etc). That way the processing is off-loaded from your already burdened groupware server and you don't introduce potential software conflicts or incompatibilities. There are commercial products that do essentially what you're trying to do with OpenBSD, only they cost thousands and tens of thousands of dollars. I definitely wouldn't recommend putting anything on Groupwise if you can help it.

With SpamAssassin, you can expect to block somewhere between 60 and 80% of spam, and I don't know about the anti-virus effectiveness of either amavis or clam. I do know that Kaspersky offers anti-virus engines for several UNIX-like operating systems (not sure if OpenBSD is included).

From a security standpoint, you're much better off using OpenBSD as your Internet-facing SMTP relay because a lot more thought and effort have gone into making OpenBSD insanely secure, especially in it's default configuration. You will want to replace Sendmail with Postfix, but there are instructions for doing that after you install the Postfix port.

I'm using the "pcre sasl2 tls" "flavor" of Postfix (on OpenBSD you can set your FLAVOR environment variable prior to making the port), which you'll probably find useful. If you plan any directory integration or to use tools which require MySQL, then you'll want the ldap and/or mysql flavors, although I would strongly recommend adding those unless you're 100% positive that you'll use them.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SMTP "open relay" and SMTP AUTH aikempshall Linux - Security 3 10-11-2006 08:19 AM
Running a relay SMTP server (Newbie here) Tigrebianca Linux - Networking 2 09-08-2004 07:44 AM
SMTP: Relay Denied nemesisza Linux - Software 2 03-14-2004 10:54 AM
Smtp Relay john8675309 Linux - Networking 2 02-12-2004 12:14 AM
SMTP Relay Spamfilter troopern Linux - Networking 2 07-28-2003 01:03 AM


All times are GMT -5. The time now is 10:06 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration