Building an OpenBSD mail server, part 1

Synopsis:

This two part article, from early 2005, explains how you can build a mail server using OpenBSD, with spam and virus filtering; it's a good example of the more technical articles that I sometimes write, but you should note that much of the software mentioned has been updated since the article was written.

This article is copyright material. Please do not reproduce it without permission.

Viruses and spam are the scourge of the internet, making up a huge proportion of the emails received every day. There are, of course, tools that can deal with them when you collect your email from the server, but in many situations, it's best if you can reject them before they even reach you. There are commercial companies, such as MessageLabs, that will do the job for you, as well as many server-based spam and virus solutions. All to often, however, you'll have to pay subscriptions to keep up to date, and as you add more users, that can quickly start to become expensive.

With a little effort, you can however combine open source tools to set up a mail server that doesn't need costly subscriptions, can be set up in a few hours, and filters out both junk mail and viruses before they reach anyone's inbox.

Whether you want to provide a mail gateway for a small office, or a central mail server to put on the end of an ADSL connection for a home network, it's a lot simpler - and cheaper - than you might think. You can put together a powerful mail scanning system for around 500; in fact, our tests suggest there'll still be plenty of horsepower left over if you want to use the same system for other tasks too.

Over the next few pages, we'll show you how to configure and build a server based on the OpenBSD operating system, and next month we'll explain how to configure the email scanning and filtering.

In detail

Spam used to be the main problem affecting internet mail servers, but in the last couple of years, viruses have become a great threat too, thanks to some that have been particularly fast and prolific in their spread, making it near-essential for any mail system to check for them, along with rejecting junk.

There are lots of ways that you can check for spam; one of the most well known open source tools is called SpamAssassin; it's powerful, and can be configured to apply its own rules, to check messages against a Bayes database to determine the likelihood of them being spam, and also to check other online resources, for example email from known spam hosts, or message 'fingerprints' to see if other people have reported spam.

A couple of years ago, finding a free anti-virus system wasn't terribly easy. But now there's a tool called ClamAV , which is open source, and has regular updates to its virus database; it's even caught some viruses before commercial alternatives, and can intercept phishing attacks too.

So, there are tools available, but what's the best way to implement them? In this project, we're creating a mail server that's capable of hosting several domains, with messages delivered both to mailboxes on the server, and to other machines, when spam and virus checks have been carried out. We'd naturally like it to be as secure as possible.

For some, Linux is the obvious choice for this type of project. Here, though, we've opted for OpenBSD 3.6, a Unix-like operating system that is secure by default; when you install it, you won't find things like mail, web and ftp servers running automatically. Instead, those things will only be running - and potentially vulnerable - if you explicitly enable them. It has a very good track record in security, and there's a wide range of pre-compiled packages available, making it easy to get up and running.

Besides the operating system, we need to decide on an email system; and in this we were guided by experience and two excellent pieces of documentation, from Scott Vintinner and Kris Nosack; without their How to documents , this project would have been much harder. The email system they used is Postfix and that's what we're going to use too. It's much easier to configure than Sendmail and can be set up in a fairly secure way - of which more next month.

Another key choice is the hardware to use; if you've decided on an operating system, that will to a large extent determine what you can buy, since you need to be sure the drivers are available; the hardware section of the OpenBSD web site is invaluable here, for checking that things like Ethernet cards and disk controllers will work.

We wanted a compact system, to fit in a rack mounting case, and that led us to the Mini ITX store , where we opted for a Via Epia PD6000E motherboard. At only 600Mhz, that might not sound like much power, but in fact it's plenty for this type of mail server - with around 1500 messages going through it a day, our server spends most of it's time with only a few percent of CPU being used, ramping up to around 70% if several large messages arrive simultaneously.

Memory is important, so we opted for 512Mb, though again the system isn't using it all, leaving plenty of headroom for adding other services. A hard disk with 40Gb of space is sufficient, though it you anticipate users having large mailboxes on the server, you might want more. We partitioned our disk with around 20Gb for user files (/home), and 10Gb for spool files in /var, which includes mailboxes. The root partition (/) will fit in 1Gb, and 5 Gb for /usr leaves plenty of space for applications and source code. We have a temporary (/tmp) partition of 1Gb, enough to hold a full CD image for burning.

The motherboard incorporates two Ethernet ports, along with graphics, USB and PCI expansion. You may need to check manufacturers data sheets for your motherboard choice, to find out the chipsets used, then check those against the compatibility list.

Two items pushed up the cost - the rack mounting case, at around 149 plus VAT - and a slimline combo drive. The rack case needs a slim-line laptop style drive, and we opted to spend 69 plus VAT on a Panasonic slot-loading combo drive, so we can read DVDs and write to CD-R or CD-RW, enabling us to back up configuration files easily. These drives also need an adaptor at 9.50 plus VAT. Even so, including VAT and delivery, the system cost just 522.29.

If you have the DVD edition of PCW, you'll find two ISO disk images, which can be burnt to CDs. The first, cd36.iso, is a bootable installer for OpenBSD 3.6, while the second, PCWOpenBSD3.6.iso, contains the files needed by the installer. If you have the CD edition, you can download the cd36.iso image from the OpenBSD site and install over the internet, or support OpenBSD by buying a full set of official CDs.

When you've got your installation media ready, it's time to put your server together.

This article is part of a series or collection.

Click here for the next section.