Update release date.

[aox:aox.git] / doc / archiveopteryx.man

.\" Copyright 2009 The Archiveopteryx Developers <info@aox.org>
.TH archiveopteryx 7 2009-07-13 aox.org "Archiveopteryx Documentation"
.SH NAME
Overview of Archiveopteryx.
.SH SYNOPSIS
.B /etc/init.d/archiveopteryx {start,stop}
.PP
.B $CONFIGDIR/*.conf
.SH DESCRIPTION
.nh
.PP
Archiveopteryx is a mail server system optimised for long-term storage
and heavy access. It comprises a set of server programs that provide
access to mail stored in a relational database (PostgreSQL).
.SH "GETTING STARTED"
The following five steps should suffice to install Archiveopteryx. If they
don't, or if anything is unclear, more detailed instructions are
available at http://www.archiveopteryx.org/installation
.SS "1. Install Archiveopteryx"
Usually, this is as simple as:
.IP
.B "apt-get install archiveopteryx"
(on Debian)
.br
.B "portinstall archiveopteryx"
(on FreeBSD)
.PP
http://www.archiveopteryx.org/installation explains what to do in
other cases.
.PP
Use
.IP
.B $LIBDIR/archiveopteryx start
.PP
to start Archiveopteryx using the default configuration from
.BR archiveopteryx.conf ,
which tries hard to be sensible.
.SS "2. Add a user"
Run
.IP
aox add user
.I name
.I password
.I address@domain
.PP
to create a username and password.
.SS "3. Inject some test mail"
You can use
.BR deliver (8)
to inject some mail you already have.
.PP
This command injects all the messages from a berkeley mbox file:
.IP
formail -s deliver yourname@domain < mbox
.PP
.SS "4. Check that you can read mail"
The mail you just delivered is in your inbox, and you can read it with
any IMAP or POP3 client.
.SS "5. Configure your MTA"
The normal way to deliver mail from your MTA into Archiveopteryx is via LMTP.
By default, Archiveopteryx listens on 127.0.0.1 port 2026.
.PP
On aox.org we describe how to configure some common MTAs to work with
Archiveopteryx. See e.g. http://www.archiveopteryx.org/postfix for
.BR postfix (1).
.SH ARCHITECTURE
.PP
Archiveopteryx consists of a number of frontend servers, each of which uses
four backend servers:
.IP RDBMS
The RDBMS is where all the mail is stored. At present only PostgreSQL
is supported.
.IP logd
The log server is an internal server which filters log entries so
useful messages are logged while noise is suppressed.
.IP tlsproxy
This proxy performs TLS certificate and encryption services for the
other servers. It's based on Cryptlib.
.PP
Each server is described more fully in its own man page:
.BR logd (8),
.BR postgres (1)
and
.BR tlsproxy (8)
for the backends, and
.BR archiveopteryx (8)
for the frontend server, which serves IMAP, POP3, LMTP and/or SMTP and
perhaps webmail.
.PP
Normally, there is one
.BR logd (8)
process running. In addition there will be at least one
.BR postgres (1)
process running. There may be an arbitrary number of frontend server
and tlsproxy processes.
.PP
The servers use TCP to communicate internally, so they can be
distributed across a server cluster. Generally, one host will run the
database backend, one host (perhaps the same) will run
.BR logd (8)
and as many as required will run frontends.
.PP
The man pages for each server explain the use and configuration of
each. See
.BR archiveopteryx.conf (5)
for more about configuring Archiveopteryx in general.
.SH SECURITY
All Archiveopteryx servers run in chroot directories.
.PP
The user-facing servers run in a special jail directory. They have
neither read nor write access to this directory.
.PP
The internal servers, ie.
.BR logd (8)
and
.BR tlsproxy (8),
run chrooted to other directories. All of the servers close all open
files at startup and drop root privileges. By default they run as user
.IR $AOXUSER ,
group
.IR $AOXGROUP ,
although these names can be changed using
.BR archiveopteryx.conf (5).
.PP
The servers check that they lose prvileges as expected, and refuse to
start if they're too privileged.
.PP
Note that
.BR logd (8)
must have permission to create the
.IR logfile .
.SH MAIL STORAGE
Archiveopteryx does not store mail in the RFC-822 format. It parses each
message upon delivery, and stores a normalized representation, optimized
for fast and reliable search and categorization.
.PP
This offers the following advantages, among others:
.IP Performance
One example: Each address is stored exactly once, as Unicode and with
RFC-2047 encoding undone. Finding all messages sent from/to a given
name is extremely fast, because only a single SQL SELECT is necessary,
and it accesses just two small tables.
.IP "Long-term Stability"
Archiveopteryx handles today's common syntax problems and stores the
correct form in the database. Because of that, the mail reader which
looks at old mail in the year 2020 will not need to be bug compatible
with today's version of Microsoft Outlook.
.IP "Scalability and Flexibility"
Only the database size limits Archiveopteryx's capacity. Many other servers
limit individual folders to 2GB (or less), or cannot support more than
a few thousand subfolders/messages in a folder. With Archiveopteryx, you
don't need to invent workarounds for such artificial limitations.
.IP Robustness
Because mail is stored normalized and parsed, large attachments are
generally stored only once, and mail parsing exploits are rendered
harmless before reaching the MUA. A movie clip sent to a hundred
recipients is not a problem, because it's stored just once.
.SH LICENSING
Archiveopteryx is available under two
licences, namely the OSL 3.0 license and a commercial software license.
.PP
The OSL 3.0 (see http://www.archiveopteryx.org/opensource) is a fairly
restrictive open source license similar to the more well-known GNU
licenses. It includes a disclaimer of responsibility.
.PP
Our commercial license offers more flexibility than the OSL and a full
warranty. There are also extra services. Contact info@aox.org for
more details, or see http://www.archiveopteryx.org/commercial
.SH DEFAULTS
The configurable file and directory names in this build are as follows:
.IP SBINDIR
(where servers live) is
.IR $SBINDIR .
.IP BINDIR
(where other executables live) is
.IR $BINDIR .
.IP INITDIR
(where the startup script lives) is
.IR $INITDIR .
.IP MANDIR
(where manpages live) is
.IR $MANDIR .
.IP PIDFILEDIR
(where pidfiles live) is
.IR $PIDFILEDIR .
.IP LIBDIR
(where supporting files live) is
.IR $LIBDIR .
.IP JAILDIR
(the working directory of the user-facing servers) is
.IR $JAILDIR ,
and can be overridden using the
.I jail-directory
variable in
.BR archiveopteryx.conf (5).
.IP CONFIGDIR
(where the configuration files live) is
.IR $CONFIGDIR .
.IP LOGFILE
(the full name of the logfile) is
.IR $LOGFILE ,
and can be overridden using the
.I logfile
variable in
.BR archiveopteryx.conf (5).
.PP
These variables can be changed only by editing the file Jamsettings
and recompiling Archiveopteryx. Jamsettings also contains some variables
used only during compilation and/or installation, and some which
provide defaults for
.BR archiveopteryx.conf (5)
settings.
.SH FILES
.IP $CONFIGDIR/archiveopteryx.conf
contains the Archiveopteryx configuration.
.IP $LIBDIR/automatic-key.p15
contains a private key and self-signed certificate used by
.BR tlsproxy (8)
(and indirectly by the other servers).
.SH AUTHOR
The Archiveopteryx Developers, info@aox.org.
.SH VERSION
This man page covers Archiveopteryx version 3.1.2, released 2009-07-13,
http://www.archiveopteryx.org/3.1.2
.SH SEE ALSO
.BR archiveopteryx (8),
.BR archiveopteryx.conf (5),
.BR deliver (8),
.BR logd (8),
.BR tlsproxy (8),
http://www.archiveopteryx.org