[HLUG] Content filtering server, email server, domain controller

[Matthew Macdonald-Wallace]

 Hi Paul, 
On  02/09/2009, 19:27, Paul Stenning (paul at vintage-radio.com) wrote:Hi all,

 

 I am looking into what is needed for a new server requirement at work 

 later this year.  If possible I would like to do as much as possible 

 with Linux and open source, and just use virtualised Windows for the 

 areas where Linux can't be used.  Some of the requirements are:

 

 Domain controller:  The clients are all Windows (will be XP Pro or Vista 

 Business) and we want to have a proper login system whereby people can 

 use their username and password on any PC and get their own desktop, 

 files and settings etc.  This is the sort of thing that Windows domains 

 do well.  Can it be done in Linux or would we need a Windows server for 

 the domain controller?
 I believe that  samba and openLDAP can do this.  They can definitely do the authentication, roming profiles I'm not too sure about.
  Email:  Currently the clients use Thunderbird to access email directly 

 from the web server using IMAP and send using SMTP.  We would like to 

 have our own email server which fetches email from the web server 

 (probably using POP3) every few minutes and which the users connect to 

 using Thunderbird and IMAP as now.  We would like to be able to retain 

 messages that the users delete for a period of time and to be able to 

 back up all email reliably.  We really do not want to head down the 

 Exchange/Outlook route.  What are our options with Linux?  Ease of 

 configuration would help of course!

Fetchmail, Cyrus or Dovecot for IMAP/POP3 and Exim4 for SMTP.  Or you could get a static IP and run your own POP3/IMAP/SMTP server. 
  Web content filtering:  We want to limit the websites users can access. 

   Some sites (adult, illegal content etc) would always be blocked, most 

 others would be allowed for a certain amount of time each day (say one 

 hour to allow people to use Facebook, BBC News, Amazon etc during lunch) 

 and a selected few would be accessible all the time (the ones needed for 

 work).  We would need to be able to override the 1 hour restriction on 

 an ad-hoc basis easily if someone needs more access on a particular day.

 
SQUID (also itegrates with OpenLDAP and can be used as a transparent proxy - i.e. one that your users are not aware of).  File sharing:  That's easy enough - Samba.  It needs to link into the 

 domain controller stuff though so it follows password changes.

 Easy to do.  Loads of tutorials out there on how to do this.

 Intranet and development web server:  Easy, Apache with PHP and MySQL.

 I'd recommend Joomla or Sugar for an intranet.  Don't underestimate the power of SugarCRM, it is not just a CRM system.

 Managing the whole thing:  Probably Webmin.  Remote access to this would 

 be very useful but that will probably be handled by VPN routers.

 Personal preference of course, but I'd always go with text files.  Webmin has been known to overwrite any manual changes made to a system and cause the system to completely stop working as a result.

 Eset anti-virus management:  That will have to be done with Windows in 

 vmware (or virtualbox if I can get it to work).

 I've not used Eset, but you can link ClamAV into Samba to provide virus protection on the network.

 Backup:  On my home server I am using Simple Backup to backup to a 

 removable USB drive every day.  It works reasonably well except it has 

 no way of notifying if the backup disk is full.  Backing up to tape 

 would be useful but there seems to be a shortage of easy-to-configure 

 tape backup applications.  It obviously needs to back up the email, 

 documents and all user desktop settings etc.

 BackupPC or Bacula are your best bets IMHO.

 If I can do most of this with Linux I will probably go for Ubuntu Server 

 8.04 LTS as that's what I'm familiar with.  CentOS is another possibility.

 

 So how much of this can be done with Linux, what packages are suggested 

 and how easy is it to configure?  Most is possible with Windows Small 

 Business Server (which uses the dreaded Exchange Server) with a separate 

 content filtering application, and I have done most of that with Windows 

 SBS for another client.  I'd like to do it with Linux this time though.
 Hope this is of some help, if you want any more advice on setting this up, feel free to contact me either on or off-list.Kind regards,Matt.