YAQR, iRedMail 0.8.1 on OpenBSD 5.1

    

There was a “The ultimate OpenBSD email server” thread on misc@ those days. After “Mailserv”, another response was “iRedMail”. Still interested in the subject, here’s Yet Another Quick Review of the iRedMail 0.8.1 on OpenBSD 5.1.

Quoting its website : iRedMail is a ZERO COST, full-featured, Open Source Email Server Solution released under GPLv2. Woaw… You saw that great fireworks and garland lights… Just kidding. Now, let’s see what you get.

Installation

This was done in a VMware virtual machine using OpenBSD 5.1/i386. Nothing particular to say ; it went smooth as described in the “Install iRedMail on OpenBSD” documentation. I used the OpenLDAP storage option.

BSD Magazine also published a detailed installation overview named “Deploy a Full-featured / Mail server on OpenBSD 5.1 with iRedMail” .

During the installation process, you get quite a few “Ambiguous: choose package for XXX” message from the package management system. Just select the version you want to use and that’s it. Note that this is the default behaviour of pkg_add(1). The post-installation commands, like linking PHP modules, seem to all be done automatically.

Once the installation is done, you get the closing sequence:

  ********************************************************************
  * URLs of your web applications:
  *
  * - Webmail: http://obsd.localdomain/mail/ or httpS://obsd.localdomain/mail/
  *   + Account: test@tumfatig.local, Password: xxx
  *
  * - Admin Panel (iRedAdmin): httpS://obsd.localdomain/iredadmin/
  *   + Username: postmaster@tumfatig.local, Password: xxx
  *
  
  ********************************************************************
  * Congratulations, mail server setup complete. Please refer to tip
  * file for more information:
  *
  *   - /root/iRedMail-0.8.1/iRedMail.tips
  *
  * And it's sent to your mail account test@tumfatig.local.
  *
  * Please reboot your system to enable mail services.
  *
  ********************************************************************

Keep the iRedMail.tips file safe, it contains the list of installed packages, management URL and credentials to access the services. The file’s content has been emailed to the “test@” account.

One thing that could be improved is to let the admin choose the first account to create, rather than creating a “test” account that every one will probably use to create their own admin account and delete.

Once the system has rebooted, you’re ready to use the GUI and configure your services.

The iRedAdmin interface

There is an online demo of the iRedAdmin-Pro interface available from the iRedMail.org. So what I’ll focus here is differences between the Free and Pro version.

The dashboard

The first thing you’ll notice is that the free version advertises for the pro version. I was quite surprised at first as I didn’t get that there were two versions and that the online version I had a look at was the “Pro”.

You can get the full details of differences between Pro edition and OSE here .

So, using the free version, you get the iRedAdmin version, the hostname and server load. Note that the iRedAdmin release version seems wrong as I installed “iRedMail-0.8.1” and it prints “iRedAdmin v0.1.8 (LDAP)”. The server load also looks weird ; the numbers seem correct but using from 6 or 12 digits is a bit too much.

I digged a bit, hopping to find some more statistics like mail in queue, total send mails for the last hours, … There doesn’t seem to be any. If you need this information, parse the maillog file yourself or buy the Pro version. What is annoying is that the online version doesn’t “live”. So you just can imagine how the statistics will be printed and how the search button will work.

Managing domains and accounts

Have a look at the feature comparison array to review every differences.

What I’ll note is that the OSE version doesn’t provide a view/feature for the admin users of domains. Also, no “catch-all” feature means no way to enable honey-pots, for example. No “domain alias” means you’ll have to create one-to-one user alias if your company has several email domains. Also have a look at “Throttling” and “Advanced” features of the Pro version… OSE has none of them.

Regarding uses, OSE won’t give you “email aliases”, “per user stats”, quota status or “mailing lists”.

The “Admins” tab looks the same in Pro and Free versions. In the OSE, you just won’t be able to attach an admin account to an email domain.

System status

From the “System” section, the difference is just huge. The OSE will provide information about basic operation, like user creation or logins. The Pro version is supposed to show lists of send/received/quarantine e-mails.

Sent/Received/Quarantine e-mail lists are an easy way to browse the logs. The “Search” button is also quite useful to grep from the GUI. But I must admit I was quite disappointed to not see any graphics. It would be very nice to get the hour/day/week/month metrics from RRDtool to get an idea of what usually happens on the server and if it is actually facing an expected charge.

The (White/Black)list management is also, according to me, a bit short on the features. Adding/Viewing/Removing entries is great. But there’s a “greylist status” missing ; forcing a grey status into black or white can be very nice, especially for remote servers not taking care of the retry value. And, it’s a good way to check if the public remote server ever send you that email confirmation you’re waiting for. The bonus feature would be getting accurate numbers about entry use ; that is knowing which entry (B/W/G) is mostly used. That would allow blocking traffic from the firewall level, for example, or tuning the Whitelist for services that send e-mail to you from a various number of mail servers (hear Facebook, Google +, …).

Maybe the Pro version gives you more information. But as I didn’t get how to send/receive mail from the demo platform, I could’t see how it deals with real life traffic.

Pricing

Final comparison between Free and Pro version is about cost. Regarding that, in both case, you’ll need hardware, skills and administrators, the price comparison is all about how worth are the “Pro” features. The prices are available on the “Purchase the latest iRedAdmin-Pro (full-featured edition)” Web page.

Whatever backend you’ll be using, the price is the same. Let’s sum the prices in some practical ways.

A one year license is $300 ; a lifetime license is $600.

Starting with a one year license (to be sure it fits your needs), then upgrading to lifetime license is $650 ($300 for Y1, then $350 on Y2).

Starting with one year license and renewing every year is a total cost of $300 on Y1, $500 on Y2, $700 on Y3, $900 on Y4.

Compare this to the cost of reading the Web to configure the various provided services (hear SMTPd, SPAMd …) and add a few Cacti/Nagios/Munin/…, it might hurts.

Comparing to an IronPort C3 with one year support gets you back on land: $3,500. Don’t get me wrong, I thing IronPort is *the best* e-mail protection solution which was ever made. But that particular quality does cost money. And you don’t have the IMAP server.

Comparing to the market “leader” (hear the one that sells the most), Microsoft Exchange Server 2010 will cost about $700 for a single “Standard” server. You have to add the about $600 for the Windows Server 2008 R2 Standard Edition. You won’t get much e-mails protection and no support from Microsoft ; unless you add a few couple of bucks. Also note that, according to me, Exchange is a big fucking mess when it comes to deal with the logs.

Conclusion

I will not use that particular bundle ; or at least, not until more features are available for free. And the “Pro” version is way to expensive. Both as a home customer and regarding the monitoring features. I may be a bit hard but I feel that the “Pro” version should be the “Free” version, or not far. And that the “Pro” version should provide the few missing features that I pointed out ; especially on the GreyList management and monitoring features. There also may be some way to add other anti-virus products (like Amavis does).

All in all, it’s not that bad. But not enough so that I drop my postfix(1), spamd(8), dovecot(1) configuration with SSH console and xymon(1) configuration.