Re: [tlug] OSX BSD mail server

["Stephen J. Turnbull" <stephen@example.com>]

>>>>> "Micheal" == Micheal E Cooper <Micheal> writes:

    Micheal> Some of the profs think it is high time they have e-mail
    Micheal> for the students,

No kidding!

    Micheal> and I don't think it can be so difficult to install a
    Micheal> mail server on OSX. Does anyone know of a good how-to or
    Micheal> web site with these kinds of resources?

I'd say just go through the Linux HOWTOs for mail at this point.  The
MTAs, MDA/servers (procmail, POP, IMAP) all come with pretty good docs
(I thought so, anyway).  BSD is not going to be terribly different
from Linux, except for boot setup etc.---you're probably already
familiar with that, though.  The config (reliability, security) issues
are the same cross-platform.  The web sites of the developers
(sendmail, exim, postfix, even qmail) are all pretty good.  Many of
the MTA distros and MDA/servers provide sample configs for different
setups.

It's basically FreeBSD IIRC, so (1) sendmail is probably distributed
with it and (2) any of the usual suspects will probably install
properly with 

gzip -dc tarbaby.tar.gz | tar xvf - ; configure; make; make test; make install

However, the most important resource is you being alert.  A multiuser
server is a whole 'nother smoke.  Backup is _absolutely_ necessary---
who's going to manage the tapes?  And proper security can be hard to
get right in a situation where you're basically giving anonymous
potential hostiles (spelled "gakusei" in this context) access to
complex programs running as root.

Depending on the clients (MUAs) being used, you may need to provide
X-Auto-MIME-Bletcherization and the like.

Definitely virus filtering is de rigeur (ObBOFH: although I'd put it
on outgoing, and simply permanently disable accounts that seem to be
infected---no exceptions, not even for the head of the Doctoral
Program in Computer Science).  Failing to assume that your users are
going to be approximately as healthy as the patrons of a Bangkok
brothel is simply unacceptably irresponsible these days.

Spam filtering, you should just say no, but probably can't.

Don't forget DNS.  You'll need MX records in the right places.

Interaction with firewalls (which you may not have yet if you don't
have email, but surely will soon :-( ) is also complex.  If the local
dinosaur-brains, shitsurei shimashita, network policy committee are
like many in Japan, they'll prohibit ICMP, which (at the "MIT of
Japan") leads to nasty behavior like bouncing my mother's mail and
making it impossible to deliver directly to hotmail.com from some TCP
stacks (in particular, Linux 2.2.20).  Without ICMP (or an account on
the firewall machine) these can be impossibly difficult to debug....

In sum, sounds like fun, but (1) you are almost sure to get blamed for
failures due to (more or less) unintentional DoS attacks by your own
staff and (2) it's probably trivial to get "something" running, but
implementing a reliable secure system may give you more experience
than you're bargaining for.

As the Chinese curse says, you're gonna be living in interesting times.
I recommend you go ahead and do it, just be aware.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
              Don't ask how you can "do" free software business;
              ask what your business can "do for" free software.