Bob Tanner wrote:

>Quoting Richard Hoffbeck (rwh at umn.edu):
>
>> From a corporate point of view Exchange is a pretty sweet setup. In
>>addition to integrating e-mail, address book and scheduling services, it
>>makes it easy to apply consistent policies across the company. If the
>>legal weenies say that internal e-mails should be archived for 6 months
>>and external e-mails for 3 years, Exchange can do that for you. If you
>>want deleted messages to be available for recovery for 45 days, Exchange
>>can do that as well. Of course it integrates into the existing MS
>>security model for dealing with authenticating users and assigning
>>privileges, and it can provide access to pop/imap clients and web
>>browsers as well.
>
>How would the above be done with open source tools?

It's not hard to get sendmail to divert a copy of all mail to an admin account where you could run it through procmail to separate it into different archive queues. Where it gets tricky is when you have a bunch of attributes that apply to a user and you need to apply all the rules that apply to each of those attributes. An example might be that all internal mail is kept for 6 months while internal mail involving someone in sales is kept for 12 months. You need some way to determine if anyone involved with the message is in sales. Exchange can do something like this fairly easily because the user/group/security model is a lot richer than the one in 'stock' Unix.

I would expect that LDAP could be configured to provide the same type of information that the MS domain model provides. You'd definitely want to build a tool to manage the LDAP data for the mail archiving, and at the least, a simple tool for defining rules in terms of the data available from the database. IIRC, there are also PAM modules that can work against a couple of the SQL servers so that would be a reasonable way to go as well.

The undelete functionality is a bit harder. It's pretty simple with Exchange because the messages are stored in SQL Server. When I delete a message, it's gone from Outlook, but it can stay in the database for whatever period the administrator chooses in case I made a mistake. That's much harder with the standard pop/imap servers, but would be a pretty easy fix if an imap server was running against postgres or mysql.

You'd also want the calendar application to run against the same user/security database as the mail server so that you could control who gets to see/schedule your time, resources, etc. For example, at my last job I could schedule a meeting room, but only a receptionist could schedule a conference room, or projector, etc.

The big advantage that MS has in this area is that everything integrates against their domain user/security model and that makes the administrator's life much easier. Unix has greatly expanded the options for authenticating users but the security model hasn't changed much in the last 20 years, i.e. user-group-world, and the whole user-group thing is pretty lame. Systems like AIX beef that up a bit by supporting access control lists but you still don't have the flexibility of putting together hierarchies of users & groups that meaningfully describe your organization.

Supposedly the next major kernel release is supposed to provide hooks that will let people plug in alternative security providers which is a good first step towards providing a centralized resource for managing user/groups/privileges/etc.

--rick
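
The retention case discussed in the message above (internal mail 6 months, internal mail involving sales 12 months, external mail 3 years), as an added example that is not part of the original post. The `DIRECTORY` dict stands in for LDAP group data, and the `example.com` domain, the rule names, the function names and the "longest period wins" tie-break are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumed company domain
# Constructed stand-in for directory (e.g. LDAP) data: address -> groups.
DIRECTORY = {
    "alice@example.com": {"staff", "sales"},
    "bob@example.com": {"staff", "engineering"},
    "carol@example.com": {"staff"},
}

def participants(msg):
    """Every address in From/To/Cc. Bcc recipients are not in the headers;
    covering them would need the envelope recipients from the MTA."""
    fields = []
    for header in ("From", "To", "Cc"):
        fields.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def is_internal(addrs):
    return all(a.endswith("@" + INTERNAL_DOMAIN) for a in addrs)

def groups_of(addrs):
    """Union of the directory groups of everyone involved in the message."""
    groups = set()
    for a in addrs:
        groups |= DIRECTORY.get(a, set())
    return groups

# (rule name, predicate over participants, retention in months)
RULES = [
    ("internal", is_internal, 6),
    ("internal-sales", lambda a: is_internal(a) and "sales" in groups_of(a), 12),
    ("external", lambda a: not is_internal(a), 36),
]

def retention(raw_message):
    """Apply every matching rule; assume the longest retention period wins."""
    addrs = participants(message_from_string(raw_message))
    matched = [(name, months) for name, test, months in RULES if test(addrs)]
    return max(months for _, months in matched), [name for name, _ in matched]

# Constructed sample messages.
MSG_ENG = "From: bob@example.com\nTo: carol@example.com\nSubject: build\n\nhi\n"
MSG_SALES = ("From: Bob <bob@example.com>\nTo: carol@example.com\n"
             "Cc: Alice <alice@example.com>\nSubject: quote\n\nhi\n")
MSG_EXT = "From: alice@example.com\nTo: customer@example.org\nSubject: offer\n\nhi\n"

if __name__ == "__main__":
    for raw in (MSG_ENG, MSG_SALES, MSG_EXT):
        print(retention(raw))
```

In a procmail-style pipeline the returned period would select the archive queue for the diverted copy.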