> -----Original Message-----
> From: Jim Stapleton [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 05, 2007 3:55 AM
> To: Ted Mittelstaedt
> Cc: Nikola Lecic; Russell E. Meek; freebsd-questions@freebsd.org
> Subject: Re: mail server setup questions
> 
> 
> > Jim posted here asking for help, using words and language that
> > give serious doubt that he is competent to run a mailserver
> > of any kind.
> 
> Knowledgeable and competent are two different things. If I were not
> competent, I would not bother attempting to get that knowledge that I
> lack.
> 

Of course.  The fact you posted at all indicates you're aware that
competence is learned and that you want to become competent.  A far
more admirable attitude than the people that assume that everyone is
completely competent at everything and calling someone incompetent
is the same as calling them a baby-killer.

> I don't know the nitty gritty details about exactly what and how mail
> servers are encrypted.
> I don't know all the nitty gritty details about how everything talks
> and intercommunicates.
> I do know that any time a password goes over the internet (not
> just LAN) it needs to be encrypted as securely as possible.

Only if there is a possibility that the communication channel can be
tapped.  The phrase "going over the Internet" is so broad as to be
completely meaningless.  You can mean just about everything from
completely unencrypted wireless to an untappable OC3 between
providers.

Most password cracking takes place on the client - all the encryption
in the world won't protect you from clueless users who click on
URLs in e-mails they get.

> I do know that mail (and other) servers should live in jails.

They can if you want.  However I have never done so and never had
a mailserver rooted.  Of course, I have kept stuff reasonably
up to date - that is the other part of the issue.

In any case running in a jail does not really address the biggest
problems with mailservers - their hijacking by spammers and other
criminals.  By definition a mailserver transfers mail.  Putting
its programs in a jail does not make it cease to transfer mail.
If such mail transfer happens between the people you want it to
happen between, then great.  But if you misconfigure the stuff you
have jailed, the mailserver will happily transfer mail between
the people you don't want it transferring mail from and everyone
else.

> I do know not to run an open relay (take email from any server to
> deliver to any server, without authentication, and plan to achieve
> this by only allowing incoming mail).

I would submit you think you do.  For example, are you planning on
putting a webmail interface on the server?  A lot of people do.  Well
if you do and you put a scrap of CGI on there that has a hole in it
a spammer can come along and cause that to relay mail from incoming
http right into your mail queue.  He doesn't need root access to
do this.

> I do know that there is no such thing as too much paranoia when
> setting up a server.

Then you know 90% of what you need to know.

Ted
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"