In a previous document, we built redundant firewalls using the CARP and PFSYNC protocols; these were the first building blocks of a hypothetical, OpenBSD-based, small private network that we are going to build step by step across several documents.
Now that we have raised the "defensive walls" of our network, it's time to think about the services we want to provide. Offering a reliable and secure email service is probably one of the top priorities of most system administrators; therefore, in the next chapters, we will build a full-featured mail server, based on open-source software and focusing on security. The following is the list of the pieces of software we will use:
secure by defaultoperating system, with
only two remote holes in the default install, in a heck of a long time!;
that started life at IBM research as an alternative to the widely-used Sendmail programand which
attempts to be fast, easy to administer, and secure;
world's most popular open source database;
fast, scalable, enterprise IMAP serverthat supports MySQL and maildirs;
high-performance interface between mailer (MTA) and content checkers(antivirus and antispam), written in Perl and optimized for Postfix;
#1 enterprise Open-Source spam filter, which
uses a wide variety of local and network tests to identify spam signatures;
A good knowledge of OpenBSD is assumed, since we won't delve into system management topics such as base configuration or packages/ports installation.