1. Introduction

In a previous document, we built redundant firewalls using the CARP and PFSYNC protocols; these were the first building blocks of a hypothetical, OpenBSD-based, small private network that we are going to build step by step across several documents.

Now that we have raised the "defensive walls" of our network, it's time to think about the services we want to provide. Offering a reliable and secure email service is probably one of the top priorities of most system administrators; therefore, in the next chapters, we will build a full-featured mail server, based on open-source software and focusing on security. The following is the list of the pieces of software we will use:

OpenBSD
the secure by default operating system, with only two remote holes in the default install, in a heck of a long time!;
Postfix
an MTA that started life at IBM research as an alternative to the widely-used Sendmail program and which attempts to be fast, easy to administer, and secure;
MySQL
the world's most popular open source database;
Courier-IMAP
a fast, scalable, enterprise IMAP server that supports MySQL and maildirs;
Cyrus SASL
the Cyrus implementation of the SASL protocol;
Amavisd-new
a high-performance interface between mailer (MTA) and content checkers (antivirus and antispam), written in Perl and optimized for Postfix;
SpamAssassin
a Perl-based mail filter to identify Spam, using a variety of mechanisms including header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases;
ClamAV
a fast and easy-to-use open-source virus scanner.

A good knowledge of OpenBSD is assumed, since we won't delve into system management topics such as base configuration or packages/ports installation.