On Wed, Nov 16, 2005 at 07:40:54PM +0000, Jason Meers wrote [and I've fixed his quoting]:
[>I wrote:]
[>> Jason wrote:]
>>> A new user doesn't *necessarily* need to know how to configure any of
>>> the following if they haven't got a working server to begin with:
>>> av_scanner
>>> mime decoding and content checking
>> I would say that one or other of these are virtually required on the
>> modern internet.
> I am not excluding them, but what use is an exim server configured for
> AV scanning that won't start because the user can't comprehend
> everything at once.
>
> Did your first ever attempt at building a mail server incorporate virus
> scanning and mime decoding or did you have to learn in small steps?

No, my first attempt at building a mailserver and even an exim mailserver predates ILOVEYOU, and even many of the word macro viruses. At the time of those, you had to actually open the attachment to do anything.

>> In postfix, you generally have to work out what special case Wietse
>> was thinking of for your situation, qmail is just fuelled on so much
>> crack, only one person in the world still uses smail, and, well, I'd
>> trust Exchange as far as I could lob the box it runs on off a high
>> cliff...
> If only somebody had written a beginners guide...

Erm, well, I didn't learn from posting to this list. I learnt by understanding the concepts of RFC821 (this predates 2821, obviously) and RFC1123 and RFC1425 (all of which have been basically merged into 2821). I then read the Bat Book (Sendmail) and wrote my sendmail config from that. When I switched to exim, I learnt from understanding the concepts in sendmail, understanding mail delivery, and reading the exim specification cover to cover. I then had an idea of what exim could do and how it could do it (by this time, exim was well into v3). It took me a while to switch to v4, but when I did, I did it by running convert4r4 on my by-now completely written-from-scratch (and rather complex) config, and rereading the version of the exim specification I was switching to, and getting some idea of the differences. For more recent upgrades, I've not needed to ask here, but I've merely looked at archives (I've been watching this list for a while), and read the relevant bits of the spec to update my config.

> Think back, what if you were looking for help and somebody on the qmail
> list or postfix list told you that...

The qmail list is full of djb saying "well, that's not in my reading of the RFCs, so you couldn't possibly want to do it, and qmail won't let you". The patchfest that you have to install to get qmail to do anything useful is just not worth it.
I know a lot of people who use postfix and like it, and if I were going to learn how to use it (for whatever reason) then I'd be sitting down and reading the manual, and looking at some sample configs and understanding what they do.

>> if you're not prepared to deal with this, it could be possible that
>> you're not suited to being a mail admin.
> The example I showed is safe for a newbie to install:
> - it uses "example.com" which has no MX records
> - it does not allow domain literals
> - it runs on a non-routable network address 10.0.0.0

This is in violation of the spirit (though not the letter) of RFC1918, which says you should choose a random small subnet in the private spaces to avoid future collisions.

> If I install this configuration on a machine under my kitchen table how
> is this a risk to the internet and other users (assuming you don't live
> in the same house or break-in).

Let's face it though, how many machines migrate from "under the kitchen table" to "my internet facing router", and how are these people to realistically evaluate the threats that face them. To go back to my analogy with driving, it's legal here to learn to drive on private land before you are 17, but that will teach you how to operate a car, not how to anticipate the actions of other road users, and isolate hazards on roads and deal with them - things that you have to learn to pass your driving test. What makes running a mailserver different in your mind?

> My interest is not in showing new users how to write an open relay, most
> of the articles I've written have been about securing servers. Giving
> guidance actually helps users who don't know what they are doing.

Absolutely, but giving guidance to those users, when they haven't wanted to actually understand the software they're using and more to the point, why they need to, seems like a potentially thankless and even worthless task to me at times.

> Please have a look at a previous guide I wrote for the Exim Conference
> in February, it will give you an idea of what I think we should have for
> new users.
> http://www.uit.co.uk/exim-conference/full-papers/jason-meers.pdf

Will do, thanks for the link.

MBM
--
Matthew Byng-Maddick <[EMAIL PROTECTED]> http://colondot.net/
(Please use this address to reply)

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
