
Re: [Sheflug] Mail server



* Richard Ibbotson (richard [at] sheflug.co.uk) wrote:
> Eliot
> 
> > The Idea is to learn how to setup the mail server, proxy server and
> > firewall.
> > I have never done this before does anybody know any good tutorials
> > that take you through it step by step.
> 
> Have a look at 
> 
> http://www.linuxnewbie.org        and 
> http://www.sheflug.co.uk/mail.html
> 
> this might give a few clues.
> 
> > The main point is to learn how to do it but I want Good guidance
> > to make it easy.
> 
> Thing about MTAs such as Sendmail or Exim or Postfix or the others is 
> that they all have security holes which are used by crackers to break 
> into your dialup system.  If you think that you won't be targeted 
> then you would have to be the only person on this planet who thinks 
> that the BT exchange is secure in any way.  

They do?
That sounds.... errrr.. less than correct to me.
Sure, Sendmail has a long history of it, and Exim has had its problems.
But Postfix? Being known as one of the (along with Qmail) most secure
MTAs around, and with no serious (or even not so serious) bugs that I
can remember right now.

And a (very) quick glance at bugtraq reveals.. errr... nothing.
In fact, the only mentions of Postfix (in a search for Advisories) are
as the MTA in mail headers.

And the only instance of a vulnerability involving Postfix
applies only when integrated with Cyrus and Procmail, and (I quote)
"This does not represent a vulnerability in cyrus, procmail or postfix,
but instead a vulnerability in one method for integrating these tools."

> You have to learn somewhere and so Sendmail might be a good place to 
> start.  There are a few people on this list who can help you to 
> configure it.
> 
> After you've learned to send mail you'll need a Fetchmail conf file 
> from somewhere.  Don't post passwords or IP addresses to this list or 
> any other.  Last week a lecturer from Manchester Uni was cracked in a 
> few minutes whilst downloading mail at home.  He was using Fetchmail.
> 
> Finally you'll need to configure Procmail to drop mail from your 
> gateway up to your workstation......  www.procmail.org  .... for that.
> 
> You'll need more help but I find it's best to give someone a few 
> clues and then let them take it from there.
> 
> A final word.  Even if you don't put all this mail stuff into your 
> firewall box - which you shouldn't - you may still find that your 
> third box which is your mail server gets cracked.  So, don't think 
> you know it all until you've used Linux for at least five years :)) 
> Even then you'll find that there's a lot of people out there who know 
> more than yourself.
> 

There isn't much need for boxes to be able to connect to your mail
server.

Maybe your ISP's mail server (although I'm not sure...)
and however you plan to read mail (either ssh, to the mail server, or
connecting via pop3 or imap, from another machine on your network (in
which case the pop3 daemon, or imap daemon, only need to accept
connections from your local network, and if you do choose the same
machine to be a mail server and firewall, don't even need to listen on
the external interface, unless you plan to read mail / allow others to
fetch mail, from remote hosts)

Fetchmail works by retrieving the message via POP3, IMAP, or whatever,
and then resending it to a local server (or, I believe, delivering
directly with procmail), so maybe nothing apart from localhost needs to be
able to connect to port 25 on the mail server, if you use fetchmail.

So have your shiny new firewall drop packets from every machine, apart
from the few (if any) you want to be allowed to connect.

-- 
[ Richard Lowe - richlowe - richlowe [at] richlowe.demon.co.uk ]
[            http://www.snowman.net/~richlowe/            ]
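The layout Richard describes above (SMTP reachable only from localhost because fetchmail reinjects mail there, POP3/IMAP/SSH only from the LAN, everything else dropped on the dialup side) written out as an iptables script. This is an added example, not part of the original thread; the interface names ppp0/eth0 and the LAN range 192.168.1.0/24 are assumptions.

```shell
#!/bin/sh
# Added example: firewall rules for a home mail server fed by fetchmail.
# Assumed: ppp0 is the dialup (external) interface, eth0 the LAN one.
# Run "sh mailfw.sh apply" as root to load the rules; any other
# invocation only prints them, so you can review before applying.
EXT="${EXT:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Wrapper so DRY_RUN=1 prints each rule instead of calling iptables.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_mail_firewall() {
    # Default deny for everything arriving at this box.
    ipt -P INPUT DROP
    ipt -F INPUT
    # Loopback: fetchmail hands mail to the MTA on 127.0.0.1:25, so
    # SMTP never has to accept connections from any other host.
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this box opened itself (fetchmail's
    # POP3/IMAP sessions to the ISP, DNS lookups, and so on).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Workstations on the LAN may read mail over POP3 (110) and
    # IMAP (143) or log in with SSH (22); matched only on the
    # internal interface, so the same ports stay closed on ppp0.
    for port in 22 110 143; do
        ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
    done
    # New connections on the dialup interface fall through to the DROP
    # policy; log a trickle of them so probes are visible in syslog.
    ipt -A INPUT -i "$EXT" -m limit --limit 5/min -j LOG --log-prefix "ext-drop: "
}

case "${1:-show}" in
    apply) apply_mail_firewall ;;
    *)     DRY_RUN=1 apply_mail_firewall ;;
esac
```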

___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.