question on ldap/postfix/ease of use for end users regarding ldap

Post by pheonix1 » Mon, 08 Mar 2004 12:49:09



hello,
I've inherited a project at work to battle with spam.  There are 2 sparc
ultra2 servers running as email gateways to several internal IBM Domino
boxes.  The solaris boxes are running postfix version 2.
The problem is that they get a lot of spam aimed at non-existing users
from spoofed domains.  The postfix wasn't set up correctly....this is a
separate issue that I'm working to fix.
The solaris question I have is in regards to ldap.
I've set up several Suse standard linux servers that come with postfix
and ldap integrated, so it's very quick to start setting up or migrating
data to the ldap server/email server.
The Domino boxes are running version 5 without ldap!
To really get control on spam I need to establish some sort of
authentication at the solaris boxes to valid users on the IBM boxes.
I'm leaning towards ldap, but I've never set up an email server/ldap
server on solaris.  The boxes are running version 7 for now, but we've
been approved to upgrade to version 8.  I've installed version 8 before,
it comes with sendmail.  I'll be running postfix so sendmail is
history...but the real issue is on the integration of ldap on solaris.
Do you have to set up everything from scratch on solaris 8 when you need
an ldap server or does it come as a nice package already like on Suse
linux?  That saves SO much time it's not funny!
I need ease of use for the users to be able to add or modify their info.
From past experiences, I've seen ldap servers on solaris boxes without
web front-ends.  Everything had to be scripted....this is NOT an option.
Does sun provide something comparable to the Suse Linux enterprise
server where postfix and ldap are tightly integrated so it can run as a
complete email server solution?
Do any of the newer versions of solaris do this?  (9 or 10?)
Due to the issue with controlling spam, I have a lot of influence on
which OS to run.  If sun doesn't have a nice package like Suse does,
I'll probably be running Suse instead of solaris on the sparc
boxes...but I just want to make sure before I proceed.  I've been
reading the docs. on the sun site but they don't mention this too
much....I'll keep reading some more.

Thanks,

Oskar

 
 
 

Post by Bruno Saverio Delbon » Mon, 08 Mar 2004 13:50:15


[...]

> comes with sendmail.  I'll be running postfix so sendmail is
> history...but the real issue is on the integration of ldap on solaris.

[...]

LDAP can be integrated within solaris. Suse comes with openldap and
Solaris 9 comes with directory server 5.1 (with ds 5.2 being the current
release). Depending upon what your company's needs are you can either go
for openldap or choose directory server 5.x. (I'd suggest the latter as
performance is quite good with ds). However, setting up postfix with LDAP
on Solaris is quite easy:

1) Install Solaris 8/9
2) Install openldap with pkg-get (blastwave.org)
3) Install sasl2
4) Install postfix by compiling manually. It's quite simple. (See:
http://pgienger.de/postfix/) The docs are pretty good.

Configure openldap/postfix and sasl as per your requirements.

Note: If you use ds as your backend ldap server then you'd still need to
link to openldap libraries and postfix would simply use the ldap
function calls to talk to the ds.

5) Install activeperl (it's much better in performance from my
experience than the one shipped with solaris)
6) Install razor2/dcc with amavisd and spamassassin.

Also use the strong UCE filtering capabilities of postfix.

> Do you have to set up everything from scratch on solaris 8 when you need
> an ldap server or does it come as a nice package already like on Suse
> linux?  That saves SO much time it's not funny!

It's a bit of work, but if you know what you're doing, it's a couple of
hours extra to set up. Not a biggie.

> I need ease of use for the users to be able to add or modify their info.

That's extra. Solaris 9 comes with apache or you can pkg-get apache2
from blastwave. There are many tools to set up web based ldap management.
I checked freshmeat.net and found GOsa:

http://freshmeat.net/projects/gosa/

> Does sun provide something comparable to the Suse Linux enterprise
> server where postfix and ldap are tightly integrated so it can run as a
> complete email server solution?

Yes. Sun Java Messaging Server 6.0. We use iMS 5.2 here with a lot of
users and it works/scales quite well and you can have hooks with
spamassassin. (We use it here with SA/Razor2/dcc.)

http://wwws.sun.com/software/products/messaging_srvr/home_messaging.html

> Due to the issue with controlling spam, I have a lot of influence on
> which OS to run.  If sun doesn't have a nice package like Suse does,
> I'll probably be running Suse instead of solaris on the sparc
> boxes...but I just want to make sure before I proceed.  

Suse Sparc is too old. If you want to use linux on sparc check out gentoo
instead. If this is something you're not willing to go for then x86
running suse might suffice. (Also note that you're shelling out money for
the suse enterprise server as well.)

--
Bruno Saverio Delbono
Systems Engineer
Open-Systems Group (not-profit)            http://www.open-systems.org/
Email: Bruno.S.Delbono at {mail.ac,open-systems.org,wf0.com,lucifer.at}
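
An added configuration sketch (not part of the thread or of any poster's setup) of the recipient check the question asks for: the gateway looks each relay recipient up in LDAP and rejects unknown addresses during the SMTP dialogue. It assumes Postfix 2.1 or later built with LDAP support; the host name, domain, base DN, `mail` attribute and file path are placeholders.

```ini
# --- /etc/postfix/main.cf on the gateway (constructed example) ---

# Domains the gateway accepts and relays to the internal mail servers.
relay_domains = example.com

# Valid recipients in those domains come from an LDAP lookup.
# With this map set, mail for addresses it does not list is refused
# at RCPT TO instead of being accepted and bounced later to a
# (possibly forged) sender.
relay_recipient_maps = ldap:/etc/postfix/ldap-relay-recipients.cf

# Answer unknown relay recipients with a permanent error.
unknown_relay_recipient_reject_code = 550

# Outside clients may only send to the domains listed above.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/ldap-relay-recipients.cf (constructed example) ---

# Directory server holding one entry per valid mail user.
server_host = ldap.example.com
version = 3
search_base = ou=people,dc=example,dc=com

# Only query the directory for addresses in this domain.
domain = example.com

# %s is replaced with the full recipient address being checked.
query_filter = (mail=%s)
result_attribute = mail

# Anonymous bind: the directory must allow anonymous read of the
# mail attribute and nothing more sensitive. Keep the LDAP traffic
# on a trusted network segment or protect it with TLS.
bind = no
```

The lookup can be tested before going live with `postmap -q user@example.com ldap:/etc/postfix/ldap-relay-recipients.cf`, which prints the matching address for a known user and nothing for an unknown one.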

 
 
 

Post by Thomas H Jones I » Sat, 13 Mar 2004 11:36:40


If you were to upgrade to Solaris 9, things would be dead simple for you.
Solaris 9 is seamlessly integrated with LDAP through its stock PAM system.
Getting PostFix to use the LDAP backend is as simple as setting PostFix
to authenticate via PAM (using the Cyrus SASL routines). No need to
specifically compile against any version of LDAP.

Did it myself, so I know how simple it truly was.

-tom