Any plans for a mail server appliance ?

Guest's picture

It would be great if there was a mail server appliance that smaller organisations (which don't want to pay for or deal with the complexities of M$Exchange) could get.  We'd be happy to pay something reasonable for one if we knew that set up and maintenance were reasonably simple ..

Liraz Siri's picture

We are working on a suite of appliances that should cover basic SMB IT needs with the same easy setup as our other appliances. That includes mail, network file storage, print, name services, etc. We'd like to do that at a level of quality that can match proprietary offerings but with all of the advantages of a free, open source offering.

If you have any more ideas for how to serve SMB users, do share.

AlexCruz's picture

That is great news. Hope to see a mail server appliance soon. By the way, Turnkey Linux is second to none...the absolute best. I had very bad experience with Jumpbox and it is nothing compared to the appliances you have here. Keep up the great work!! Alex

Frans van Berckel's picture

It would be nice if we can get Postfix to install into Turnkey. It's not that easy, I know, but I found a nice howto: a step-by-step guide to install Postfix in an Ubuntu environment. It has got to be one of the best docs I have found in the past year, true.

http://flurdy.com/docs/postfix/

faustcoder's picture

I have it almost ready! It will use a combination of likewise-open to auth to AD and Citadel for groupware! Look for it soon.
homer15's picture

this is very exciting. any eta? if not, "soon" is good enough for me.
Ian Goddard's picture

For a simple mailserver I don't think groupware is required.

Looking at what packages are available there doesn't seem to be one that does everything.  The usual approach seems to be to pick best of breed.  This is OK but it then becomes a tough exercise in system integration and that seems to be a big enough problem without throwing groupware into the mix.  There would be a number of possible requirements:

1.  Getting the mail.  Whatever the method there might be a need to consolidate multiple external IDs to a local user ID. e.g. if I buy from some web vendor I set up an address just for them to email me; this is then forwarded to my regular local mail account but after the transaction I close down their address so if they try to spam me it will bounce.

1.1 Retrieving mail from an ISP's POP3 or IMAP server.  Server might be singledrop or multidrop.  Candidates include Fetchmail, Retchmail and Getmail.

1.2 Providing an SMTP server on the internet.  Candidates include Postfix, Exim, Sendmail and Courier.

1.2.1 Server with a FQDN

1.2.2 Server hidden behind a NAT.  Postfix configuration instructions are unclear as to whether this needs special handling.

2. Storing the mail.

2.1 Real user mail boxes. Candidates include mbox & maildir.

2.2 Virtual users. Candidates include physical mailboxes as per 2.1 (but not in $HOME) and databases.

3. Delivering the mail.

3.1 Just logging in & reading the mailbox direct.  Probably inadequate.

3.2 POP3 or IMAP server. Candidates include Dovecot & Courier.

3.3 Webmail. Candidates include SquirrelMail & Roundcube.

3.4 Full-blown groupware.  See comment above but I see that TKL Zimbra server manifest includes Fetchmail so possibly the two servers could be hosted on separate VMs and work together with Zimbra using Fetchmail to grab from the mail server.

4. Sending mail.  Need to be careful not to create an open relay.

4.1 Not provided, user mail client sends directly to ISP's outbound server.

4.2 User mail client sends to mail server which relays to ISP's outbound server. Candidates as in 1.2 above.

4.3 Mail server includes own MTA.  Candidates as in 1.2 above.

5. Security.

5.1 Authentication.

5.2 Spam & AV filtering. Spamassassin & ClamAV seem to be the standard way to go for these but then they have to be integrated.  Candidates for integration are Amavis and Procmail.  There are also policy issues such as use of blacklists, greylists & whitelists to be considered.

6. Management.

6.1 Low level configuration.  All packages have some sort of config files but some can also be configured by other means such as SQL databases.  Which to choose? Choice may interact with database option for 2.2, also with 6.2

6.2 Configuration wizard.  Depending on the choices in 1 to 5 various packages need to be enabled or disabled and those enabled need to have a coherent set of config files to enable them to work together properly.  Sysadmin needs to be able to set up the overall structure and possibly users need to be able to set up their requirements, e.g. consolidation of external IDs as in 1.

Ian

faustcoder's picture

I'm doing various tests with different groupware suites. Hopefully one (or maybe two?) of them will make the cut. I like Citadel due to its simplicity and very active development. So I guess you can take this as a "soon". In the meantime check out the turnkey wiki for more info. And please feel free to give any feedback, we could always use it!
Anon's picture

Zimbra, Zarafa & eGroupWare seem to be gaining ground as turnkey alternatives to exchange, which is what I'd expect is what many users @ admins will come to expect.

With the exception of the ActiveSync (& possibly BlackBerry) protocols, which are proprietary extras, the rest seem pretty well geared to go "mainstream"

If I'm not mistaken, these groupware systems require some form of directory service, like LDAP, to enforce group policy control, which may complicate configuration

All of this is even before we get to CRM systems, like SalesForce & SugarCRM

== FLOSS'er ==

clchildress's picture

It's absolutely grin-inducing that there is a turnkey solution being developed like this!  Thank you so much for giving us a great SMB Exchange alternative.

@freakalad: I haven't checked out the other groupware solutions but in my own personal experience, I have learned to dislike eGroupware very, very much.  My group switched from it after a few nightmarish events with lost data and corrupt sessions.  From what I have seen and experienced, it is very buggy with sloppily combined elements that sometimes work and sometimes don't.  It is slow, and the included wiki is lacking in features and stability.  Just putting in my $0.02!

Once again, thank you to the turnkey team for all your hard work developing a turn-key email and groupware solution.  Installation and configuration of these components can be a big hurdle to linux system administration and it will be great to see a free turn-key solution available as an option.

Anon's picture

Yea. These turnkey's are absolutely fantastic & make life a LOT easier!

Thanks a bunch, guys

Cut-down, standard, secure deployments with very small footprints. Hard to beat!

re eGroupWare: I hear what you're saying & absolutely agree. I was not impressed with eGroupWare AT ALL, but it's gained widespread use as an exchange alternative. I only put it in as reference, but I doubt that it'll find a home here, since these TK's are built to be extremely stable & robust, which, in my opinion, eGW is not.

== FLOSS'er ==

Guest's picture

I'd really love to see an Open-Xchange turnkey appliance, it would make my life so much better.  :D

Anil Mahadev's picture

Hi Alex and Siri,

I am currently working on a POC for a prospective client to implement the MySQL / Joomla(Appliances) and SugarCRM(Installer)

Love the Appliances :). Looking forward to a CRM(sugarCRM) Applx. You folks Rock!

Cheers!

Kind Regards
Anil Mahadev

Independent Database Consultant and Solutions Architect
IBM Information Champion
IDUG INDIA FORUM 2009 CPC Chairman
 

Alon Swartz's picture

Thanks for the encouragement, we love getting feedback. SugarCRM is planned, but any help from the community will speed up the process of getting it into the library.

BTW, I assume you meant Alon and not Alex :)
bajira's picture

Hi Guys..

I have deployed sugarCRM with ubuntu and i tested out in both virtual and Physical disk machines.

It works fine.

Any queries you can ping me..

Maxim's picture

I use Zimbra as PDC. (http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimb...)

It is a mail server + collaboration + PDC + file server.

Jeremy Davis's picture

I like that idea! I might have a look at that! Thanks for the heads up!

Charles Hutchinson's picture

A SMB appliance would be most appreciated in churches and other ministry offices.  I am currently working with a number of ministries to get their front offices on open source solutions and out from under MS licensing. It would be a BOON if there were a turnkey app for:

- mail

- domain controller

- print

- open collaboration (currently testing google wave which, by its concept, is confusing for people)

- file storage/sharing

- anti virus

- unattended (automated) PC backup

Also, I am able and available to assist with whatever my tech skills can provide to this endeavor.

Hutch

Charles Hutchinson's picture

A SMB appliance would be most appreciated in churches and other ministry offices.  I am currently working with a number of ministries to get their front offices on open source solutions and out from under MS licensing. It would be a BOON if there were a turnkey app for:

- mail

- domain controller

- print

- open collaboration (currently testing google wave which, by its concept, is confusing for people)

- file storage/sharing

- anti virus

- unattended (automated) PC backup

Just my thoughts.

Hutch

Jeremy Davis's picture

While I can't speak for TKL Devs, from discussions that have been had I think that a TKL all-in-one appliance that does what you want is highly unlikely.

That leaves you with a couple of options:

  • Build your own using a TKL appliance already available (TKL Zimbra would possibly be a good choice) and add the extra functionality you want on top of that. As a few others have expressed interest in something similar, it would be good to document the development so others can recreate your appliance (even if TKL choose not to take that path).
  • Create a hardware based virtual server farm using something like Proxmox (my favourite) or VMware ESXi as the base then installing individual TKL appliances to serve each purpose (see more about that idea in my post here).

Hristofor Georgiev's picture

First of all I have to thank Turnkey for the great work that they do.

Second, about the mail server.

I think that the setup described in this howto:

http://howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirr...

can be easily deployed on top of TurnKey Core, for example.

I can try to do this as soon as I have free time,

and bring this solution back here for testing.

 

 

Ian Goddard's picture

I've spent a good while over the last few days Googling for solutions.  The problem is that there's a huge range of variation in implementation.  For instance one document had a sequence Fetchmail -> Postfix -> Procmail and another had Fetchmail -> Procmail -> Postfix.

On the whole HowTos and the like seem to concentrate on a single use case which might not be one's own.  I don't think I've seen a single example which specifically tackles my situation 1.2.2 - the server doesn't have a FQDN on the net but is behind a NAT router (in such a situation the ISP can provide an MX record for the router's IP address & the router can direct SMTP traffic to the server).  In fact, by contrast, the extensive treatment of Postfix in Nemeth et al (Linux Administration Handbook, the Linux variant of the well-respected Unix Administration Handbook) more or less assumes a .edu situation where not only the server but its clients will be expected to have FQDNs.

What I attempted to do in my previous post was to try to list the elements which will contribute to the different combinations which potential users might require.  One size does not fit all.

Ian

Hristofor Georgiev's picture

Ian, in fact this issue with the FQDN isn't an issue, because you can have an internal DNS for this zone in your local network and an outside DNS zone with proper MX and A records. Basically there is no difference in terms of Postfix implementation when the server is directly on the internet and when it is behind NAT; the difference is in how you set up your zone records for your FQDN.

For example:

FQDN: mailserver.com

Mail Server (real IP) ----- Internet ----- Router (real IP : local IP 192.168.0.1) ----- Mail Server (local IP 192.168.0.100) ----- Mail Client (local IP 192.168.0.150)

So you have your mail server behind NAT on IP 192.168.0.100 and your local mail client on 192.168.0.150.

When your client asks for mailserver.com from 192.168.0.150, your DNS server on the router or on a separate box replies mailserver.com = 192.168.0.100. When a mail server from the internet asks your DNS server, it replies with the real IP of your router. And you have set up NAT so all the ports on the server for mail go to 192.168.0.100.

This is done by DNS zones and can be done with BIND.

See this for example: http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php

That's it. You can use the howto to which I posted a link to do the mail setup part.

If I can help you in some other way, please write to me at my mail.
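
The split-view DNS setup described in the post above, as an added example that is not part of the original thread or of the linked howto: a BIND 9 `named.conf` fragment with an internal and an external view of mailserver.com. The ACL name `lan`, the zone file paths, the serial number, the placement of the DNS server on the router, and 203.0.113.10 (a documentation address standing in for the router's real IP) are assumptions.

```conf
// named.conf fragment: split-horizon ("split view") DNS for mailserver.com.
// Constructed example. Assumed: ACL name "lan", the zone file paths, and
// 203.0.113.10 as a stand-in for the router's real (public) IP.

acl "lan" {
    127.0.0.1;
    192.168.0.0/24;              // internal network from the post
};

// Views are tried in order and the first match-clients hit wins, so the
// internal view has to come before the catch-all external view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;               // LAN clients may resolve other names here
    allow-recursion { "lan"; };

    zone "mailserver.com" {
        type master;
        file "/etc/bind/zones/internal/db.mailserver.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                // authoritative only, never an open resolver
    allow-transfer { none; };    // list secondaries explicitly if there are any

    zone "mailserver.com" {
        type master;
        file "/etc/bind/zones/external/db.mailserver.com";
    };
};

/*
 * Once any view is defined, every zone statement must sit inside a view,
 * including the distribution's default zones.
 *
 * zones/internal/db.mailserver.com (what 192.168.0.150 is told):
 *
 *   $TTL 3600
 *   @    IN SOA ns.mailserver.com. hostmaster.mailserver.com. (
 *               2024010101 3600 900 604800 3600 )
 *   @    IN NS  ns.mailserver.com.
 *   @    IN MX  10 mailserver.com.
 *   @    IN A   192.168.0.100      ; mail server's local IP
 *   ns   IN A   192.168.0.1        ; assumed: DNS runs on the router
 *
 * zones/external/db.mailserver.com (what Internet mail servers are told):
 *   same SOA, NS and MX records, but both A records carry the public IP:
 *
 *   @    IN A   203.0.113.10       ; router's real IP; NAT forwards the
 *   ns   IN A   203.0.113.10       ; mail ports to 192.168.0.100
 */
```

`named-checkconf` and `named-checkzone mailserver.com <zone file>` validate the fragment and each zone file before BIND is reloaded.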

 

 

Ian Goddard's picture

Thanks for your comments Hristofor.

Perhaps this could be simplified further.  Consider the following example:

- The mail server serves the domain MyExternalDomain.com

- The ISP provides an MX record giving MyExternalDomain.com's IP address as 1.2.3.4

- 1.2.3.4 is the external IP address of the internal system's gateway.

- The gateway routes incoming SMTP traffic to 192.168.0.100 as per your example

- The internal network uses simple names such as "pc123" and "laptop321" for clients.

- The internal network also gives simple names to servers and other network resources such as "fileserver" and "main_office_printer".

In this situation the natural internal name for the 192.168.0.100 would be "mail" or "mailserver".

Would there then be any need for an internal client such as pc123 to use "MyExternalDomain.com" to access 192.168.0.100?  If not then the server can be set up as "mail" on the DNS.  Even if postfix needs to have its platform identified as MyExternalDomain.com this could be set up as an alias in /etc/hosts.

Ian

Neil Bird's picture

I am 1 who would love a SMB package solution for ministry and other small office/not-profit.

I also work with aboriginal groups and the setup of simplified turnkey solutions is quite advantageous as they could remain consistent from office to office.

I understand and like the virtual server solution, however this is not ideal with scattered groups.  A well integrated smb solution would be nice.  A solution based off Zimbra would be nice with file server and PDC. 

I have not had a chance to fully test the Zimbra solution, is it not suitable as a mail server?

... willing to test builds if needed.  As long as I can figure out why I can't seem to install the Turnkey solutions on my dell test box with IDE raid...

 

PS I love the concepts and effort.   This is a fine and well needed product for those of us stuck in M$ land.

Neil Bird's picture

... how to test the beta.

Have I said yet how I appreciate Turnkey and the community yet?

WooHoo!

Guest's picture

I was wondering how this is going? Back in early 2009 there was talk of a mail appliance "coming soon". Is there something available?

Jeremy Davis's picture

But there is a Zimbra appliance. If that's not what you have in mind what would you suggest?

Guest's picture

Thanks for the Zimbra suggestion. I'll check it out.

LBogaert's picture

I checked out Zimbra, and functionality wise, it looks great.

The only problem I have with it is that under the free license, you are not allowed to add your own logo, which for me made it unusable.

I don't have a problem with showing that it is Zimbra powered if I can add my own logo. To do that, I'd need a paying version which for my purposes is way too steep, for that price, I'd stick with my own Windows based e-mail solution which I'm using for over 10 years now...

So an e-mail appliance using free software (really free) would be great!

Guest's picture

I would like to use a Horde or Open Exchange appliance but I cannot do it because it's too hard for my skill. Is there anyone who has tried to do it? Thanks

Let me try

I tried Horde. Setting up Horde is not a difficult thing... but after that, configuring Horde to one's choice is very boring, not a user-friendly GUI! Try Groupoffice or Citadel suite. I have already submitted a patch for Groupoffice; it has a good user interface.

Guest's picture

I need something like Open Exchange or Horde that allows Outlook to share calendar, email, appointments and tasks through a Horde or Open Exchange server.

Jeremy Davis's picture

AFAIK Outlook can connect to Zimbra and share calendars etc (although I haven't actually tested it myself).

Guest's picture

But not the free version of Zimbra. If you want to use Outlook as a client you'll need to pay for a version of Zimbra that supports it.

k_graham's picture

It sounds like what's being asked for is

  • Open source and Free to use

SME Server provides the following standard functionality (See About SME Server for more detail):

  • Ease of Administration
  • File and print sharing
  • Sharing of a single Internet connection between multiple computers
  • A robust email server, which includes virus and spam filtering and webmail
  • A network firewall to protect against Internet intruders
  • Secure remote access
  • Directory services
  • Web application server, including support for Apache, MySQL, PHP and Python (LAMPP)
  • RAID and Backup
  • Automatic updates
  • Extendibility
  • Support for multiple languages
  • and much more ...

all managed through an intuitive web interface

k_graham's picture

I neglected to mention the possible limitation of the program SME server from Contribs.org and why I happened upon Turnkey Linux in the first place. Actually SME server is a very robust application with a capability of a full compressed backup to external drive and we have an external drive we can drop terabyte drives into; more importantly, we actually have 2 locations plus my home.

I was hoping to reduce the human element in backups via moving the backups home and using an internet method of backing up the data from the 2 locations. TKLBAM sounded good but it's not the cost of cloud storage, it's the cost of transport and delay of restore sending to the cloud. After carrying the drives home, being able to use a program like TKLBAM for daily additional data via internet would be fine, because moving 100 GIGS via internet would currently be over a month's capacity on my internet connection plan. Should disaster occur it would still be easier to travel 50 kilometers with the backups to restore the data, and likely necessary anyway; pulling it off the cloud would not be an option.

Ken


Liraz Siri's picture

The good news is that you can use TKLBAM with non-cloud storage targets if you want.

Regarding cloud storage, I agree that sometimes the real cost is not how much you pay for Amazon S3 but the latencies in getting the data there. It all depends on what sort of Internet connection you have.

Keep in mind however that Amazon S3 is extremely well networked and can take whatever you throw at it, especially if you route to a geographically close datacenter, which is something the Hub takes care of automatically.

Some of the servers we're using TKLBAM with get 5MB/s sustained average upload speeds to S3. These aren't servers located in EC2. Backing up 100 GBs at that rate would take 5 hours which is reasonable. Most internal networks aren't much faster. And I reckon the limit is on our end, not Amazon S3 so given a fatter pipe we might be able to cut this down to an hour or so. At these rates we have to start worrying about internal IO limitations on the machine running the backup.

Of course not everyone has such a good connection to the Internet. If you can only upload at 500KB/s, 100GBs would take 50 hours, etc.

Jeremy Davis's picture

imposed by ISP (ie not into and out of Amazon, but anywhere online). Here in Australia pretty much all plans have some sort of data transfer allowance or cap per month. As time goes on these have been improving but are still quite limiting to cloud style deployments. Most plans now employ shaping for excess data transfer (ie bandwidth is reduced once you go beyond your monthly quota) although there are still some which instead charge for excess data usage. This data can get incredibly expensive!

For example, my current plan has unlimited upload, but downloads are limited to 60GB/mth. Once I download beyond that in a calendar month my download speed is shaped to a 64kbps crawl (painful as you can imagine)! Other plans count upload data as well, eg my girlfriend's plan has 50GB data transfer/mth total (upload & download).

This scenario makes online backups of large amounts of data somewhat prohibitive

Liraz Siri's picture

Good points I hadn't fully considered though I imagine some of the limitations you're describing can be worked around if you're willing to pay extra for a non-residential Internet connection. So if you're a business and you have many GBs worth of mission critical data to backup you would have to compare the costs of a non-residential online connection with the total cost of setting up redundant off-site backups (e.g., daily/weekly backup tapes sent to a safe storage location).

Perhaps once you factor in costs of labor, reliable storage media, and shipping/transportation costs, paying for a fatter pipe, while not cheap might actually look pretty reasonable.

Jeremy Davis's picture

When you factor the complexity and costs of alternatives (as you say: labour, media,  transport perhaps even hardware) and the actual reliability of these alternatives I think there is still a case for TKLBAM being good value. Also most plans (either residential or business - often the only significant difference between residential and SOHO is a static IP with the latter) you are able to purchase additional data "blocks" (ie increase your data transfer limit by a specified amount on a one off basis). So you would not necessarily need to even upgrade your plan, just buy additional data transfer for testing and recovery of data when/if required.

So it's not a huge issue, but I still think it's good to recognise and discuss various regional limitations and implications of things.
