
GoogleApps + Postfix + Fetchmail (preparation)

Why all this

So, once again about the eternal topic: setting up a mail server for a medium-sized organization. It would seem there is nothing complicated here: take any Linux distribution, install any time-tested set of mail programs (MTA, MDA, antivirus, antispam) and forget about it. But instead of the sweet life, you immediately get streams of spam both inbound and outbound (if the health of your internal network leaves much to be desired), along with user complaints about spam, unsent mail, and so on. New system administrators may lose heart here. But there is a simple and quite elegant way out of this situation: call on Big Brother, that is, Google, for help and hide behind its broad shoulders. In the proposed solution, Google services are used as backup mail storage, spam filter and antivirus, jobs they do very well, as any Gmail user can confirm.
This approach may also be of interest to organizations moving to open source software. Indeed, why pay for an extra Windows license and an Office license on an employee's computer if the same functionality can be provided with free software (we will build mail around Mozilla Thunderbird and an LDAP address book)? And this is not the only source of savings: let's not forget the savings on antivirus and antispam software. Not to mention the improved reliability of the mail system: the number of calls about mail problems has dropped significantly.
One of the most important ingredients of our recipe is a domain name and the ability to change its DNS records. I think in most cases this is already settled; otherwise, what kind of organization sends its mail from public mailbox services? We need the domain name in order to change the MX record and route our mail through Google, which has some interesting services for this. For medium-sized organizations the free package is more than enough. Don't let the limit of 50 accounts worry you: there is also a mail alias mechanism, with up to 30 aliases per account. The total number of mailbox names allowed is 30 * 50 = 1500. And that is something.

Where to begin

It is worth starting by defining what you want. In many ways this is of course dictated by how the enterprise's IT infrastructure has developed historically, but I think the option proposed below is general enough.
So, we divide users into groups:
This division lets us differentiate the requirements placed on the mail system. You should also think about the mail storage scheme right away: will users delete received messages from the server, or will the mail server hold the entire history of correspondence? Depending on the answer, consider storage or backup of the mail archive, the access protocol for mail clients (POP or IMAP), and whether users need a web interface to their mailboxes or will use mail clients. It is worth thinking about these questions in advance and aligning them with existing business requirements.
For my organization, the right fit was a system with centralized storage of all the organization's mail, using email clients (Thunderbird) and backup access to mail via a web interface (IlohaMail). For scalability, the mail directory had to be stored on an LVM partition so that new disks could be added to increase the size of the storage.

General solution scheme

The local mail server is configured to require authentication for all protocols (POP or IMAP, SMTP). Its job is to deliver local mail and relay outgoing mail to the provider's mail server. External mail for the domain is collected by Fetchmail from Google's servers. The user database lives on an LDAP server, which can be hosted separately. Only authenticated users can send and receive mail through the local mail server, which completely excludes the possibility for spammers to send us mail.
The scheme allows for mobile mail users, who interact with the internal Postfix server through forwarded POP3 or IMAP ports. SMTP access to the internal server can be opened for well-known IP addresses (branches).
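
A check of the local Postfix main.cf against the scheme above, as an added example that is not part of the original article. It assumes Postfix 2.10 or later (where smtpd_relay_restrictions exists) and that the settings are written out explicitly; the hostname and networks in the sample are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample main.cf; the hostname and networks are placeholders.
SAMPLE_MAIN_CF = """\
relayhost = [smtp.provider.example]:25
mynetworks = 127.0.0.0/8, 192.0.2.0/24
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject
"""

def parse_main_cf(text):
    """Read 'name = value' pairs; a line starting with whitespace continues the previous value."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (s.strip() for s in line.split("=", 1))
            params[current] = value
    return params

def words(value):
    return [w for w in re.split(r"[,\s]+", value) if w]

def audit(params):
    """Return findings that contradict the 'authenticated users only' scheme."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("SASL authentication is not enabled")
    rules = set(words(params.get("smtpd_relay_restrictions", "")))
    if "permit_sasl_authenticated" not in rules:
        findings.append("authenticated users are not explicitly permitted to relay")
    if not rules & {"reject", "reject_unauth_destination", "defer_unauth_destination"}:
        findings.append("relay restrictions contain no reject rule")
    for net in words(params.get("mynetworks", "")):
        try:  # entries that are not plain CIDR (table lookups, [ipv6]/len) are skipped
            if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append("mynetworks trusts every address: " + net)
        except ValueError:
            continue
    if not params.get("relayhost"):
        findings.append("relayhost is not set")
    return findings
```

An empty result from audit(parse_main_cf(text)) means the file matches the scheme; the mynetworks line is where the branch addresses with open SMTP access would be listed.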


Source: https://habr.com/ru/post/60759/

