I recently had to upgrade an aging mail server at my university. While I have experience with network administration under Linux, I always find it difficult to set up a mail server properly. Mail transfer agents (MTA) are complex to set up on their own, and with the added difficulty of setting up features like spam filtering and antivirus protection, it can be really tough.
The old server I was to replace had about 500 accounts on it. Each one of the accounts was an actual user account, with shell access. My mission was to:
- Install Qmail.
- Set up a Web-based management interface.
- Set up virtual users and domains.
- Enable spam filtering and antivirus software.
- Migrate all users from the old server to the new server, keeping their passwords and email archives intact.
The mission itself was not very difficult. The problem was that I had only one weekend to complete the job. My previous attempt at setting up a mail server for a similar load took me four days, and required a week of tweaking after the server came online. This time around, I needed some help.
This is where Qmail Toaster came in. Qmail Toaster is a full-blown mail server distribution for use with most RPM-based Linux distributions. Qmail Toaster is distributed as source RPMs that require compiling on the host system before installation, in order to meet licensing requirements set forth by the original creator of qmail, D.J. Bernstein. The last official release of qmail was in 1998, but it continues to be a popular MTA.
Due to the age of the qmail code, the Qmail Toaster project has included many patches to update functionality, and given the software a few other niceties, such as Web-based email and Web-based administration. Unfortunately, only RPM-based distros are supported; if you run a Debian-based distro, Qmail Toaster is of no use to you. All the popular RPM-based distros are supported though, from Red Hat Enterprise Linux (RHEL), through CentOS, Fedora, and Mandriva. The 64-bit versions of Fedora, RHEL, and CentOS are supported as well.
Qmail Toaster has many interesting features. Besides supporting the POP3, SMTP, and IMAP protocols, it supports the more secure POP3-SSL and IMAP-SSL. It can provide SMTP roaming for remote users using SMTP-AUTH, POP3-AUTH, and IMAP-AUTH. Qmail Toaster has support for the Sender Policy Framework (SPF) built in, which provides some protection against phishing and spoof emails. Spam filtering is handled by SpamAssasin and SimScan. Viruses and worms are taken care of by a combination of ClamAV and Warlock.
All of the application's user accounts are stored in a MySQL database. This means that a single Qmail Toaster server can handle multiple domains, and there is no need to provide system accounts for users who only need email, which mitigates the security risk associated with shell accounts. A mailing list management program, autoresponder, and Web-based email and administration round off Qmail Toaster's feature list.
Qmail Toaster installation is largely automated. The Qmail Toaster site provides a bundle of ready-to-use scripts that automate the installation process. After doing a server install of CentOS 4.2 on the mail server, all I had to do was run the scripts. You can set up the software on any other RPM-based distro as well. I chose CentOS because the Qmail Toaster Web site provides detailed instructions that make installing it a piece of cake. After the basic OS is installed, and the server is able to access the Internet, the scripts do all the work.
It sounds unbelievable, but it really works. The only user input the software requires during installation is the MySQL database password, the IP address of the server, and the distribution name. The scripts fetch the necessary source RPMs from the Qmail Toaster site, build them with the proper system variables, and install them. The speed of the process is of course dependent on the speed of your Internet connection and the server itself. The install process took about 25 minutes on my 3GHz Pentium 4 machine with 1GB of RAM, connected to the Internet over a T-1 line.
After all the packages were installed, I had to set up an SSL certificate. This is only necessary if you want to use services over SSL. The guide walks you through the commands necessary to create a self-signed SSL certificate. You then add the email domain. The entire process, from installing the OS to a fully functional mail server, took me about 90 minutes.
Once the mail server was ready, the next step was migrating the users from the old mail server. With a quick bit of Googling I found exactly what I was looking for: Detailed instructions on migrating from a Sendmail-based system to qmail. This took another 15 minutes. And that was it!
The entire installation and migration procedure took only two hours. At the end of that time, I had a modern, fully functional mail server, with a nice Web-based administration system, spam and virus filtering, and support for virtual users (rather than requiring users to have actual system accounts) and virtual domains. I moved all the user accounts successfully, without the loss of any email or requiring users to change their passwords.
Using the software was equally pleasant. The Web-based administration interface provides graphs of important parameters, such as the number of messages delivered, the amount of spam and viruses filtered, the size of the mail queue, and quite a few more, so you can easily keep track of what's happening.
My mail server has been running for a month, with only one reboot due to a unrelated update. The virus scanner updates itself, spam filtering is working smoothly, and all the users are extremely pleased with the new system. Administering the system is easy, and there is extensive online documentation to help tackle any problems. This means that after installation, you can hand over administration to someone with no Linux experience.
If you run into problems during the installation or afterwards, you can turn to the Qmail Toaster mailing list. The creators of the site respond quickly and politely, and often provide customized scripts for specific cases. The tone of the mailing list is quite different from the standard RTFM responses one might receive on some other lists. I posted a few queries to the list, and got answers that solved my problems within three hours.
While Qmail Toaster may not be suitable for all environments, it succeeds at what it sets out to do. The installation requires little experience, and the instructions are clear, concise, and easy for even the proverbial first-time user to understand. Yes, experienced server administrators could probably install a better system in half the time, but if you don't have one of them around, Qmail Toaster is that rare product that just works. No hitches, no glitches, no struggling to understand obscure errors. If you are administering systems for a small business, educational institution, non-governmental organization, or any place where Linux expertise is not available, and funds are limited, Qmail Toaster is for you.