Not needed in squirrel.conf
As far as I can see, if I keep the default settings in the squirrel.conf, it works.
Possibly because I made the changes to the main httpd.conf file.
I have now disabled http access (on port 80) and forced https (on port 443).
Also added Atomic linux Blacklist IPs to the firewall.
Looking at adding more ready made rules to the default spamassassin (from rulesemporium).
Disabled root access, and changed from the default ssh port.

After some more testing I will make it "live" (after a backup of course) then make the VM available.

I can also put up my method on the wiki for all, if the mods think it useful.
More soon.


----- Original Message ----- From: "madmac" <sysad...@tricubemedia.com>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Thursday, April 15, 2010 1:31 PM
Subject: Re: [qmailtoaster] Re: spam


Ok so far:
I have a new install of qmailtoaster.
All yum updates
All qmail updates.
Set tight RBL, SA-Updates
spamdyke, added 455 bad IPs, added 9278 known spammers,
Cron to clean spam, cron to clean trash, maildrop to log rotate.
Installed QcontrolIPE
Installed mod_ssl, openssl and created self signed key (Thanks Todd, it works)

Tested https://mysite.com and https://mysite.com/webmail, both work as far as I can see. They ask to verify certificate.

when I modify the squirrel.conf as shown:
<IfModule mod_alias.c>
Alias /webmail /usr/share/squirrelmail
</IfModule>
<Directory /usr/share/squirrelmail>
  Options None
  Order allow,deny
  allow from all
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
</Directory>

it does not redirect, as I think it should,
e.g. redirect http://mysite.com/webmail
to https://mysite.com/webmail

Can anyone confirm my settings are correct in the squirrel.conf file?

Can I reiterate that VMware is awesome for this kind of testing, just remember to do a snapshot.
Thanks
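
Why the per-directory rule in the message above does not redirect while the same rule in the main httpd.conf does, as an added example that is not part of the original thread. It assumes Apache 2.2 with mod_rewrite loaded and the /webmail alias quoted above.

```apache
# Added example, not from the thread.

# 1) As posted, inside <Directory> (per-directory context).
#    mod_rewrite strips the directory prefix before matching, so a request
#    for /webmail/src/login.php is tested as "src/login.php". The pattern
#    ^(.*/webmail.*)$ therefore never matches and nothing is redirected.
#    Per-directory rewriting also requires Options FollowSymLinks (or
#    SymLinksIfOwnerMatch), which "Options None" switches off.
#
# <Directory /usr/share/squirrelmail>
#   Options None
#   RewriteEngine on
#   RewriteCond %{SERVER_PORT} !^443$
#   RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
# </Directory>

# 2) Same rule in server context (main httpd.conf, outside any <Directory>).
#    Here the pattern is tested against the full URL path, for example
#    "/webmail/src/login.php", so it matches and the client is sent to https.
<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
</IfModule>

# Caveat: virtual hosts do not inherit server-level rewrite rules by default.
# If a port-80 <VirtualHost> is defined, the three Rewrite lines belong
# inside that block instead.
```

After `service httpd restart`, a `curl -I http://mysite.com/webmail` request should come back as a redirect whose Location header starts with https://.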


----- Original Message ----- From: "Todd Beckstead" <to...@csdcpa.com>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Tuesday, April 13, 2010 4:38 PM
Subject: RE: [qmailtoaster] Re: spam


One other tip. My ISO install had openssl installed, but not mod_ssl. I had
to add that. See Step 1.
Todd

-----Original Message-----
From: Todd Beckstead [mailto:to...@csdcpa.com]
Sent: Tuesday, April 13, 2010 4:32 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: spam

I struggled with getting the info in the wiki to work for me too. Here's
a link to something that finally worked for me on my CentOS 5.4. I used
the info in Section 2.

http://wiki.centos.org/HowTos/Https

Good luck!
Todd

-----Original Message-----
From: madmac [mailto:sysad...@tricubemedia.com]
Sent: Tuesday, April 13, 2010 4:01 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: spam

Ok Guys n Gals

I have rebuilt a new toaster on VM, from scratch. Using the
CentQMT5-1.2.0.iso
I am going to make this a ssl only, secure qmail server, if it kills me.
As my current server is compromised as previously posted.

Tried many sites to get a "self signed" ssl cert installed for testing,
even here on the wiki:
http://wiki.qmailtoaster.com/index.php?title=Certificate&printable=yes
In there is a line that says you can self sign:
  NOTE - For reference, here is the command to sign the request for a
  self signed certificate:
  openssl x509 -req -days 365 -in servercert.csr -signkey servercert.key -out servercert.crt
Can the poster or anyone else confirm that they have managed to get it
to work?

Or can anyone else help me get this installation secured.
I have added all the usual, clamav, spamassassin and spamdyke, also have
a huge blacklist of IPs and Spammers (from another source).
I have disabled root to ssh, and changed the ssh port also, modified the
firewall to suit.

When all this is done I will also add "fail2ban", as suggested by Jake,
and any hints on installing and configuring that would also be helpful.

Notes
Previously tried but failed to get https://ipaddress/webmail to work.
Even added what was suggested:
add these lines to your /etc/http/squirrelmail.conf file:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Restarted apache also.

When I have done all the testing to confirm security, I will make it
(the VM) available.

Thanks all:
madmac


----- Original Message ----- From: "madmac" <sysad...@tricubemedia.com>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Friday, April 09, 2010 2:28 PM
Subject: Re: [qmailtoaster] Re: spam


Thanks Eric and Jake,

Will test fail2ban also on a VM


----- Original Message ----- From: "Eric Shubert" <e...@shubes.net>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Friday, April 09, 2010 10:09 AM
Subject: [qmailtoaster] Re: spam


You should secure squirrelmail so that it only runs with https, so that
passwords are not sent in the clear. To do so, configure apache with a
valid cert (see http://wiki.qmailtoaster.com/index.php/Certificate), then
add these lines to your /etc/http/squirrelmail.conf file:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Then
# service httpd restart

madmac wrote:
Is there then a way to secure squirrelmail, or any other webmail prog.
This is a default install of qmail with the ISO.
Not having it is not an option, as most of the clients can only use
webmail as they are on the road daily.
 Thanks
 ----- Original Message -----
    *From:* Jake Vickers <mailto:j...@qmailtoaster.com>
    *To:* qmailtoaster-list@qmailtoaster.com
    <mailto:qmailtoaster-list@qmailtoaster.com>
    *Sent:* Thursday, April 08, 2010 5:53 PM
    *Subject:* Re: [qmailtoaster] spam

    On 04/08/2010 04:21 PM, madmac wrote:
    Well anyone that can guess my passwords must be amazing.
    Let alone get through the elaborate firewall system.
    ssh port is " non standard "
     But I agree, this box is compromised " some how "
     File count now at 9580 and counting



    Are all of the files that are "infected" from mailboxes?
    It does sound like your machine has been compromised. If you leave
    Squirrelmail open (ie: no protection against password attacks) or
    have other webapps running then this is the most likely place for
    them to get in. Once they have an account's login credentials, they
    can upload things to themselves and run them (don't ask me how - I
    never looked at how they did it - I just fixed it) and then brute
    force passwords from the local machine to obtain other access or
    whatever they are looking to do.
    I had one a year or so back where a guy installed phpbb - when he
    came in the next day someone had emailed him his root password. He
    reinstalled and put phpbb back on and had his machine compromised in
    about 2 hours after that.


--
-Eric 'shubes'



---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
    To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com





