MailStack

Revision 2 as of 2009-06-13 17:00:58

Clear message

Summary

This specification focuses on fully integrated mail stack, including SMTP, POP3 and IMAP4 as core services. It defines which features mail stack should provide and default configuration for all of them.

Release Note

Rationale

Setting up e-mail server, for someone who haven't done that before, can be a bad experience. Even the experienced system administrators can get lost in numerous options that are provided by mail server components.

Small and some medium sized companies often decide to base their email server on some proprietary solution and for most of the time, the real reason is easy deployment. Ubuntu already provides superb components for fully integrated solution, but does not provide easy deployment of those solutions.

Objective of this specification is to provide flexible mail stack solution that will be easy to setup and use in small and medium sized companies, but also in large enterprises.

Use cases

  • Eric installs one package or runs a single command to setup SMTP with authorization. He answers to couple of questions regarding configuration and has his service up and running in less than 2 minutes
  • John installs fully integrated mail stack. After couple of questions, he has SMTP, IMAP4 and POP3 services, including TLS versions, with antispam and antivirus countermeasures.
  • Steve installs fully integrated mail stack with Ubuntu Directory Service as a backend for per user configuration.

Design

Components of mail stack

  • postfix
  • dovecot
  • spamassassin
  • clamav
  • amavisd-new

Postfix

Postfix provides SMTP services, integrates with Amavisd-new for antispam and antivirus protection and dovecot for SASL and message delivery.

On installation it will ask questions needed to setup mail server, such as mail domain, type of mail server, which RBLs to use and should it use greylisting.

Dovecot

Dovecot provides POP3 and IMAP services and SASL and LMTP for postfix. It also provides managesieve protocol for management of sieve scripts on the server from clients that support it. Depending on header tags from amavisd-new, if email is considered SPAM it will deliver it into SPAM folder.

On installation it will ask which authentication backend is used (Ubuntu Directory Service) and which services are required by administrator; IMAP and/or POP3.

SpamAssassin

Spamassassin is antispam solution that can make decisions on the basis of email content. Integrated with amavisd-new, it can declare mail as SPAM or HAM. If email is SPAM, it will tag it with special header.

ClamAV

Clamav is open source antivirus solution which integrates with amavisd-new.

Amavisd-new

Amavisd-new provides couple of services. It integrates with spamassassin and clamav, and depending on their scanning results, alters email headers or subject.

If Ubuntu Directory Service is used as an authentication backend, it will be configured to look at per-user configuration in Ubuntu Directory Service's DIT.

Implementation

Restrictions

Default mail stack should never delete an email. If administrator chooses to use RBLs and/or greylisting, every single mail that passes those countermeasures should be delivered to the user. Exception are emails with viruses. Those emails should be delivered to quarantine, but never delivered to the user or deleted.

Test/Demo Plan

Unresolved Issues

BoF agenda and discussion

Karmic UDS notes

These are the notes from UDS session:

= Extending Mail Stack =

* Review current status

* Propose fixes for current problems

* Define new features for Karmic
 * webmail?
  * Probably to be added in the future, or whichever package the Security Team signs off on.
  * Squirrel Mail has the least security issues, but is ugly.
  * Revival of Hula Webmail is being split from other functions.
  * Roundcube has some security issues, but has nice features (security concerns date from 2006. and have been addressed since then; SecurityTeam sees Squirrelmail and Roundcube as possible options).
 * antispam?
  * Don't autoremove spam.
  * Provide a list of RBLs the admin can choose from.
  * Allow choice to turn on Greylisting.
  * Bayesian filter learning needs to be done per user.
 * antivirus?
  * Pieces in Main already, but how will they be integrated?
  * Deliver virus messages to a Quarantine folder.
 * ldap integration (aka Ubuntu directory service)?
  * Aliases in the directory.
  * Get user list from Exchange server behind Postfix server.
  * Add delivery rules to the Directory.
 * vacation?
  * Dovecot Sieve.
 * apparmor profiles?
 * lmtp

 * Documentation
  * Re-add the SMTPAUTH instructions to the Postfix section.
  * Merge the Dovecot section with the Postfix section.
  * Add README to the package.
  * Maybe add some type of man page.

 * Bugs
  * No documentation in package.
  * Cipher requires Medium and High, should be just Medium.

 * Indexing
  * Done when Dovecot delivers.

 * Delegation.
  * Email folder sharing.
  * Dovecot options available.
  * Is there a package to manage how to change permissions?

 * Public Folders
  * Major Exchange feature.
  * Maybe shared contacts would be better.

 * Mailman integration.
  * Integrate configuration with Postfix and user list.
  * Automatically add configuration to Postfix instead of having admin copy and paste the config.
  * Suggest to use a subdomain for mailing lists.

 * SMS and Fax integration.

 * Deliver emails to Twitter.
  * Possibly use a Sieve script.
  * Special mailbox to automatically send.

 * Mail Backup
  * Four current options Bacula, BackuPC, imapcopy or imapsync.
  * Document how to backup mailboxes.


CategorySpec