Re: [CentOS] courier mail for Centos
On 12/07/2012 04:56 PM, Bowie Bailey wrote: On 12/6/2012 8:42 AM, Robert Moskowitz wrote: Are there existing rpms for courier mta? I am working from: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL. I don't know of any rpms in the major repos. However, the courier and courier-auth tarballs have spec files that make it VERY easy to build the rpms yourself. You don't even have to unpack the tarballs. Ask on the courier mailing list. Very friendly and the developer is active on the list. I have excellent instructions on using CourierMail. All packaged up very nicely. But I felt it would be 'good' to switch to the Centos 'supported' server, Dovecot. So I subscribed to the Dovecot mailing list and described what I wanted to do and asked for pointers to a tutorial to set it up that way. Well that was back on Friday morning. On reply yet... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 06/12/2012 16:24, Les Mikesell wrote: On Thu, Dec 6, 2012 at 10:13 AM, Robert Moskowitz r...@htt-consult.com wrote: Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked. And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support? And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out. More like impossible in the general case, although you can always get any specific case to work if you spend enough time at it. But to catch some of the most likely known problems you need packet inspection to at least the level of URL filtering. It's very difficult to build a technical firewall policy without a corporate Internet usage policy that backs it up. (Use of proxy for outbound traffic etc...), but with the right corporate policy in place it is possible to accomplish. There will always be some hosts that will have to be given full outbound access, not necessarily due to technical constraints, but due to procedural ones (devs won't or can't give the information on how the device needs to communicate). Full Outbound Access should be the exception rather than the rule - just think how clean the Internet would be if that was followed across the globe. -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Fri, Dec 7, 2012 at 5:47 AM, Giles Coochey gi...@coochey.net wrote: Full Outbound Access should be the exception rather than the rule - just think how clean the Internet would be if that was followed across the globe. It would certainly provide job security for a lot of firewall administrators if it took human intervention to permit every new application to work Or you could replace 'clean' with 'useless' above. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/6/2012 8:42 AM, Robert Moskowitz wrote: Are there existing rpms for courier mta? I am working from: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL. I don't know of any rpms in the major repos. However, the courier and courier-auth tarballs have spec files that make it VERY easy to build the rpms yourself. You don't even have to unpack the tarballs. Ask on the courier mailing list. Very friendly and the developer is active on the list. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] courier mail for Centos
Are there existing rpms for courier mta? I am working from: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: Are there existing rpms for courier mta? Not by any reputable repo, no. Use dovecot which is supplied by CentOS. http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise. Sigh, I just made the mistake of browsing through that article and I fear I have given myself brain cancer as a result. Using Fedora's F14 postfix which is no longer supported in any way by Fedora; patching it making it even more difficult to maintain on your own; the inevitable You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!). recommendation, etc. Bleah. Really, just forget that site exists. John -- Of all the preposterous assumptions of humanity over humanity, nothing exceeds most of the criticisms made on the habits of the poor by the well-housed, well-warmed, and well-fed. -- Herman Melville (1819-1891), novelist and poet pgp3morB8dknR.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
John R. Dennison wrote: On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: Are there existing rpms for courier mta? Not by any reputable repo, no. Use dovecot which is supplied by CentOS. http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise. snip Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 06-12-2012 15:41, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey gi...@coochey.net wrote: On 06-12-2012 15:41, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked. And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 09:15 AM, John R. Dennison wrote: On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: Are there existing rpms for courier mta? Not by any reputable repo, no. Use dovecot which is supplied by CentOS. http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise. Sigh, I just made the mistake of browsing through that article and I fear I have given myself brain cancer as a result. Using Fedora's F14 postfix which is no longer supported in any way by Fedora; patching it making it even more difficult to maintain on your own; the inevitable You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!). recommendation, etc. Bleah. Really, just forget that site exists. I did this back using the F12 version of this howto, and then it was NOT on howtoforge. I still have it running on F12 and REALLY want to move off that. Almost everything in this tutorial is now available without doing things like disabling SELinux (btw, I move the SSH port and use semanage to accomidate that). It is good when someone does something good and then it comes easy. When I get this working, I will put together instructions to be published somewhere. The only part which I probably CAN'T do myself is the mysql frontend; I will be using phpMyAdmin for starters. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 10:13 AM, m.r...@5-cent.us wrote: John R. Dennison wrote: On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: Are there existing rpms for courier mta? Not by any reputable repo, no. Use dovecot which is supplied by CentOS. http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise. snip Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? I always have ignored turning off the firewall; it is not hard in Gnome to alter basic firewall behaviour and allow for ports like 576 (or whatever that SMTP port is; not looking it up right now). In the past, turning selinux to permissive was my first step in setup, followed by moving SSH's port. Now I leave it as is and learn how to use semanage. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 10:41 AM, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. Which I have. A Juniper branch firewall that I was given for testing purposes. And I am subnetted up the gazoo; I have a 64 address CIDR allocation that I have subnetted to /29s and /28s. I also use RFC1918 extensively. Afterall, I am one of its authors :) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 10:49 AM, Giles Coochey wrote: On 06-12-2012 15:41, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked. Which is why you need to have your outbound also restricted. But then the things that go over port 80 is sad. Port firewalls can help with that. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 10:57 AM, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey gi...@coochey.net wrote: On 06-12-2012 15:41, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked. And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support? And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 6, 2012 at 10:13 AM, Robert Moskowitz r...@htt-consult.com wrote: Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked. And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support? And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out. More like impossible in the general case, although you can always get any specific case to work if you spend enough time at it. But to catch some of the most likely known problems you need packet inspection to at least the level of URL filtering. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 11:13 AM, Reindl Harald wrote: Am 06.12.2012 17:10, schrieb Robert Moskowitz: On 12/06/2012 10:41 AM, Les Mikesell wrote: On Thu, Dec 6, 2012 at 9:13 AM, m.r...@5-cent.us wrote: Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. Which I have. A Juniper branch firewall that I was given for testing purposes. And I am subnetted up the gazoo; I have a 64 address CIDR allocation that I have subnetted to /29s and /28s. I also use RFC1918 extensively. Afterall, I am one of its authors :) but you did not understand feeling that all the bad guys are on the other side of the firewalls - these days believe their will never be attacks from infected machines and such crap from INSINDE the network is naive Actually I do, as I work in this area. Granted my job is secure communications, not secure OS/apps, but I work with the team that does deal with this. It goes back to my good friend Steve Bellovin where in his firewall book he called the firewall the crunchy outside and the corp net the chewy inside. He later was a strong advocate for per system firewalling; what we have today. When we keep it on, that is. Also why I want to get my DNS server off of the old Centos to current and my Samba and Mail servers also to current. Past due. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 06, 2012 at 11:08:07AM -0500, Robert Moskowitz wrote: I always have ignored turning off the firewall; it is not hard in Gnome to alter basic firewall behaviour and allow for ports like 576 (or whatever that SMTP port is; not looking it up right now). In the past, turning selinux to permissive was my first step in setup, followed by moving SSH's port. Now I leave it as is and learn how to use semanage. What an absolute lovely breath of fresh air :) Someone that actually takes their job seriously and makes use of the tools provided. This is so refreshing from the normal selinux-related nonsense that pervades the world. John -- There are men -- now in power in this country -- who do not respect dissent, who cannot cope with turmoil, and who believe that the people of America are ready to support repression as long as it is done with a quiet voice and a business suit. John V. Lindsay (1921-2000), US politician, Congressman, Mayor of New York City pgpIlovaTUhtM.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 6, 2012 at 1:25 PM, John R. Dennison j...@gerdesas.com wrote: I always have ignored turning off the firewall; it is not hard in Gnome to alter basic firewall behaviour and allow for ports like 576 (or whatever that SMTP port is; not looking it up right now). In the past, turning selinux to permissive was my first step in setup, followed by moving SSH's port. Now I leave it as is and learn how to use semanage. What an absolute lovely breath of fresh air :) Someone that actually takes their job seriously and makes use of the tools provided. This is so refreshing from the normal selinux-related nonsense that pervades the world. Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On Thu, Dec 06, 2012 at 01:30:40PM -0600, Les Mikesell wrote: Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them. Then let me sum this up thusly. If anyone is in the habit of managing systems with selinux set to disabled because it's too hard or it takes too much time or any number of other ridiculous excuses instead of learning to properly manage the systems with the tools and documentation provided then they need to reconsider their chosen career path as they are quite obviously not cut out for systems administration / engineering. I manage many, many hundreds of systems. Not a single one has selinux disabled. I have _no_ problems in doing so Does it take a little time to do it when first installing a package without a pre-packaged policy? Yes; and this is one reason you don't do this type of thing in a production environment. Is it less time than it takes to recover from a compromise. Yes; _many_ times less. So you'll kindly pardon me if I don't accept lame excuses or what I consider faulty reasoning as to why one would not have selinux set to enforcing on any given box. I also consider any advocacy for disabling security tools versus understanding them and learning to work with them quite out of place on this or any other technical list. People should really just know better. As I know you'll want to get the last work in, Les, let it be known I won't reply to this thread any longer. The original author has already shown his willingness to do things properly and you just want a soapbox and I won't give you one. John -- He may be mad, but there's method in his madness. There nearly always is method in madness. It's what drives men mad, being methodical. -- G. K. Chesterton, The Fad of the Fisherman (1922) pgpeUNpC8Xcmv.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
John R. Dennison wrote: On Thu, Dec 06, 2012 at 01:30:40PM -0600, Les Mikesell wrote: Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them. Then let me sum this up thusly. If anyone is in the habit of managing systems with selinux set to disabled because it's too hard or it takes too much time or any number of other ridiculous excuses instead of learning to properly manage the systems with the tools and documentation provided then they need to reconsider their chosen career path as they are quite obviously not cut out for systems administration / engineering. I manage many, many hundreds of systems. Not a single one has selinux disabled. I have _no_ problems in doing so Does it take a little time to do it when first installing a package without a pre-packaged policy? Yes; and this is one reason you don't do this type of thing in a production environment. Is it less time than it takes to recover from a compromise. Yes; _many_ times less. snip The general CentOS mailing list: everyone's soapbox. We've got selinux on permissive on almost every system. Perhaps your boxes are almost all production: most of ours are either dev or research. Even the production boxes - most have websites or apps written by developers with *zero* knowledge of selinux. And then there are the third-party apps like that... or from the Windows world. For example, I've posted here in the past, and on the fedora selinux list, fighting CA's SiteMinder (we won't talk about the piece of crap that is, for which our tax dollars pay a *lot*), but it's *all* guesswork and makedo to even keep that working, and making selinux active would kill that most of the time, and we're *required* to use it. Must be nice, working in an environment that can enforce selinux. This ain't it. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
I'd throw in to the mix - I have a lot of experience with *nix's - but limited time to learn things and must concentrate on what I need to know. I've never master SELinux and disable it - all the time. However, my needs are for my home network - which I administer. I have many hosts and quite a few VMs - but I don't think its worth my time nor effort to use SELinux. Am I lazy - yes. Do I care - no. Seems harsh what you said :( Maybe in a prod setting, you are correct - but chill :) This is a great mailing list...hate to see fighting or perceived fighting :( On Thu, 6 Dec 2012, m.r...@5-cent.us wrote: John R. Dennison wrote: On Thu, Dec 06, 2012 at 01:30:40PM -0600, Les Mikesell wrote: Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them. Then let me sum this up thusly. If anyone is in the habit of managing systems with selinux set to disabled because it's too hard or it takes too much time or any number of other ridiculous excuses instead of learning to properly manage the systems with the tools and documentation provided then they need to reconsider their chosen career path as they are quite obviously not cut out for systems administration / engineering. I manage many, many hundreds of systems. Not a single one has selinux disabled. I have _no_ problems in doing so Does it take a little time to do it when first installing a package without a pre-packaged policy? Yes; and this is one reason you don't do this type of thing in a production environment. Is it less time than it takes to recover from a compromise. Yes; _many_ times less. snip The general CentOS mailing list: everyone's soapbox. We've got selinux on permissive on almost every system. Perhaps your boxes are almost all production: most of ours are either dev or research. Even the production boxes - most have websites or apps written by developers with *zero* knowledge of selinux. And then there are the third-party apps like that... or from the Windows world. For example, I've posted here in the past, and on the fedora selinux list, fighting CA's SiteMinder (we won't talk about the piece of crap that is, for which our tax dollars pay a *lot*), but it's *all* guesswork and makedo to even keep that working, and making selinux active would kill that most of the time, and we're *required* to use it. Must be nice, working in an environment that can enforce selinux. This ain't it. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
On 12/06/2012 09:15 AM, John R. Dennison wrote: On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: Are there existing rpms for courier mta? Not by any reputable repo, no. Use dovecot which is supplied by CentOS. http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise. I have found a newer version of the howto: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64 I am going to email the author to get help on not implementing quotas (they caused me grief in the past). I am also going to ask him about dovecot/courier. And finally about disabling SELinux; what are the problems. I will probably be asking for help here! :) My limited experience with semanage is that it is slow for a change. At least the one I make for SSH port. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] courier mail for Centos
Robert Moskowitz wrote: On 12/06/2012 09:15 AM, John R. Dennison wrote: On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: snip I have found a newer version of the howto: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64 I am going to email the author to get help on not implementing quotas (they caused me grief in the past). I am also going to ask him about dovecot/courier. And finally about disabling SELinux; what are the problems. I will probably be asking for help here! :) My limited experience with semanage is that it is slow for a change. At least the one I make for SSH port. Yup, semanage *is* slow. On the other hand, you only do it a few times, one hopes. (Or until some developer does or wants something that's not packaged) mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos