I need to setup an email server for a few domains. All the domains will run off my one box, running Redhat 7.2. I haven't played with email servers and linux much. Can anyone suggest a good mail server that is easy to use and relatively secure?

Well, you already have Sendmail with RH 7.2, that is relatively secure and not easy to use, but what the planet runs off of. You can get plenty of help with it at just abut any mailing list/forum.

I've heard that more or less the most secure mail-server is Qmail, which does some weird things, but is supposedly much easier to administer, but a raging pain to install. No RPM for you there.

Luck,

Finegan

thanks. those are the 2 that i know of. i think im going to start off trying qmail.

where did the comment about sendmail being relatively secure come from? a quick look at it's history sheds a different light on the matter.

Alternate MTAs include Courier (a full mail suite, MTA, MDA, POP and IMAP server, webmail included), qmail (quite widely used, supports Maildir style mailboxes, and VERY secure) or Postfix (Venema's creation, also very secure and widely used).

qmail is quite easy to install if you follow the instructions. The author's directions are good enough, but you'll find www.lifewithqmail.org to be a better resource.

I am in the process of configuring my sendmail at this moment, this may be an aside to your main question and I apologize but my logs show hundreds of attempts from some (very colourful word) to mail spam, they found my system in less than 4 days and has been attempting spamming through my relay - I have limited my sendmail to only my domains in webmin with "relay domains" is this enough to stop the spam relay?

unless they somehow find a way to spoof thier address ( i assume you limiting it to ip block? or domain?) i don't believe you will be vulnerable to relaying. then again, it is sendmail, and you might become lost in the configuration (webmin doesn't even touch the tip of the SM configuration iceberg.)

Yeah, to amend my earlier statement, Sendmail is crap, and defending its current versions, 9.x compared to how it was v 8.x and prior would be like arguing how win 2k is less of a piece of crap than 98. We're still talking about poo.

Q-mail is a bit of a headache to install, and does kinda weird things, like living in /var because the crator didn't trust the security of /bin, but its a lot easier to configure after install. The install is a headache. Oddly enough if you were running either of the two so-called user-unfriendly distros: slackware or debian, there is a Slack package and a .deb for qmail, but no RPM that I know of.

Anyway, if you run any server on a static long enough you'll end up watching logs get big and fat with people trying to do all sorts of nasty things off of random port scans. When code red hit, my apache log jumped to 3 megs in 3 days with all of those Windows NT based buffer overflow calls. The one upshot to sendmail is that all the distros I can bring to mind have relaying denied in their default configs these days. Okay, I'm talking about poo again.

Offhand, Sanch5, how easy is Courier to get running? And how safe is it compared to say, Qmail or Postfix? Or better yet, where's the project site and I'll do my own homework.

Cheers,

Finegan

sancho5 .. i limited it to domain, i just read about the ip block - but to administrating that would mean id have to hire a spam control data entry personel lol. - and ive gotten lost in configuration already - is there a way to test if my relay block works? - i thought i saw some test site on spam.org or something ring any bells?

I searched the courier out - http://www.courier-mta.org/

to tell you the truth, i'm not sure how you'd test that. perhaps try to send mail from an outside addy to a host not on your network and see if it goes

incidentally, there are qmail rpms. no one recommends using them. not the author, not anyone on the mailing list, not me. you install from rpms and you'll be lost right afterwards; you won't know which config files to edit, and the rpms install things slightly differently than source does, so any help reference you find will be skewed. qmail is really not much of a pain to install, in my opinion. i can run through a complete install from source now in about 20 min, using my own installation steps (which more or less mirror those on lifewithqmail.org - just tweaked for openbsd). that's neither here nor there, as "your milage may vary", but point being if you have some good installation steps to reference, you'll do fine.

Courier. courier is really becoming a good mail solution, IMHO. it's the only full mail suite i know of, as in courier can come as a bundled MTA, IMAP, POP, Webmail, mailing list manager in one. The good thing is that if you don't want the whole courier suite, you can use most parts of it individually. courier-imap is in popular usage with qmail, for instance, because of the Maildir support (alternative to problematic Mbox format). You can use the Webmail portion alone, also.

As an MTA, courier is very fast (possibly the fastest, some would argue, but qmail's not far behind) but nowhere close to as secure as qmail, rumoredly. It fares around postfix in the scheme of things. IMHO, courier is more difficult to install the full suite than qmail, but that's just me.

one setup you'll find a lot of documentation for is using :

qmail
courier-imap
vmailmgr (for virtual email domains)
squirrelmail

together. it's well documented on the web and a common solution. i use it at home and am well pleased with it.

I finally got qmail working. After the first time I made it thru the long install process, I had some problems that were actually causes by a failing hard drive. I went ahead and bought The Qmail Handbook and reinstalled again and everything works great. Install was long but not too difficult. The book is really nice to have since I really want to know what I'm doing, but the online Life With Qmail was more than enough info to get going with. With my little experience so far, I can at least tell the Qmail ownz Sendmail.

Hear, hear! j/k, it's kinda hard not to get caught up in a religious debate over these types of issues. Sendmail proponents point out that yes, SM had a string of insecurities and root hacks in it's earlier days, but it's record is cleaner now. What they're not pointing out is that with a history like that, things aren't likely to be cleaned up until the proggie is completely recoded. Until then, it's still running on the majority of the Internet's mail servers, and one more root exploit like they've had can be more bad news for the majority of the Internet, *again*. (BIND comes to mind here, for some reason.)

One thing you'll find is that Dan J Bernstein is a crack software developer, no matter the package. He recognizes the insecurities in today's software and fixes it. He also sticks to the RFCs as closely as possible. If you like qmail, take a look at djbdns, publicfile, etc. Take a look at http://cr.yp.to/software.html for more of his stuff.