1. Introduction

In a previous document, we built redundant firewalls using the CARP and PFSYNC protocols; these were the first building blocks of a hypothetical, OpenBSD-based, small private network that we are going to build step by step across several documents.

Now that we have raised the "defensive walls" of our network, it's time to think about the services we want to provide. Offering a reliable and secure email service is probably one of the top priorities of most system administrators; therefore, in the next chapters, we will build a full-featured mail server, based on open-source software and focusing on security. The following is the list of the pieces of software we will use:

the secure by default operating system, with only two remote holes in the default install, in a heck of a long time!;
an MTA that started life at IBM research as an alternative to the widely-used Sendmail program and which attempts to be fast, easy to administer, and secure;
the world's most popular open source database;
a fast, scalable, enterprise IMAP server that supports MySQL and maildirs;
Cyrus SASL
the Cyrus implementation of the SASL protocol;
a high-performance interface between mailer (MTA) and content checkers (antivirus and antispam), written in Perl and optimized for Postfix;
the #1 enterprise Open-Source spam filter, which uses a wide variety of local and network tests to identify spam signatures;
a fast and easy-to-use open-source virus scanner.

A good knowledge of OpenBSD is assumed, since we won't delve into system management topics such as base configuration or packages/ports installation.