Re: Debian mail server.
> I'd recommend installing AMaViS along with some virus scanner. I'm using Kaspersky because it had a good recognition rate in a test and because those Russians care more about Linux than most other AV vendors. Also, AMaViS and the Kaspersky scanner can both run as daemons, saving repeated startups of heavy-weight programs. (Use amavisd, not amavis-perl, or even amavis-the-old-version ;-)

If you are going to use the Kaspersky AV package + Postfix, I suggest using the avcheck package instead of the daemon that comes with Kaspersky AV. You'll find it here: http://www.corpit.ru/avcheck/

The readme file is ok and contains instructions for setting up the daemon in a chroot jail.

Tarjei

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian mail server.
* Lars Roland Kristiansen [EMAIL PROTECTED] [020401 13:52]:
> I am going to configure a Debian mail server for my company (only 20 employees). I have 2 40 gigs disks which are going to run raid 1. I am going to configure it with wu-imap/pop3 and postfix. Is there any special security thing I should consider (the server is placed in DMZ because 2-3 people are going to get mail from it outside our internal network)?
>
> What about the size of the partitions? I was thinking:
>
> 100 megs for /boot
> 5000 megs for /
> rest for /var (just to make raid easier)

Not because of security, but because of stability, you might think of putting /var/mail and/or spool directories as extra partitions to avoid overruns rendering the system unusable.

If allowing imap/pop without ssl, you might either separate postfix and imap/pop in some extra account management, or make the accounts unusable otherwise (i.e. no shell, no procmail etc.)

Hochachtungsvoll,
Bernhard R. Link

--
(C)2002 Google - Searching 2,073,418,204 web pages and skipping 4,475,243,576 pages under the DMCA
Re: Debian mail server.
hi ya lars

- make sure the 2 disks are on 2 different ide cables..
- make sure it's fd partition type
- use secure pop3s or secure imap... http://www.Linux-Sec.net/Mail/secure_pop3.txt
- since it's pop ... supposedly internal corp users... i'd put the secure pop3s server inside the firewall
- for those few that read mail from home...
- let them in via ssh... maybe vpn them inside before secure pop3s connections to their mails ...
- put sendmail on one machine and pop3s on a different machine
- no common login name between pop3s accounts and user shell accts

for size of partitions ( everybody seems to have diff preferences and why it's that way vs another.. )

/    - small as possible 64MB - 128Mb
/tmp - 128MB
/var - 1GB for mail stuff
/usr - 2048 or 4096MB for /usr stuff
/opt - rest of the disk for user stuff ( /home, /usr/local )

more/collection of partition stuff ... http://www.Linux-1U.net/Installation/partition.gwif.html

c ya
alvin
http://www.Linux-Sec.net

On Mon, 1 Apr 2002, Lars Roland Kristiansen wrote:
> I am going to configure a Debian mail server for my company (only 20 employees). I have 2 40 gigs disks which are going to run raid 1. I am going to configure it with wu-imap/pop3 and postfix. Is there any special security thing I should consider (the server is placed in DMZ because 2-3 people are going to get mail from it outside our internal network)?
>
> What about the size of the partitions? I was thinking:
>
> 100 megs for /boot
> 5000 megs for /
> rest for /var (just to make raid easier)
>
> I will also put up iptables, webmin and sshd but no X.
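An added example, not part of any poster's message: a shell check for the two account-separation points raised in the replies above (mail accounts with no usable shell, and no login name shared between POP3/IMAP accounts and shell accounts). The passwd records, the mailbox list file format and the list of non-login shells are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag mailbox logins that can also be used as shell accounts.
# All data below is constructed; the mailbox list file is a hypothetical format
# (one POP3/IMAP login name per line, '#' comments allowed).

# Shells that give no interactive login (assumed list; adjust for the host).
NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin /sbin/nologin"

# audit_mail_accounts PASSWD_FILE MAILUSERS_FILE
# Prints "name shell" for each mailbox login whose passwd(5) entry has a
# login-capable shell. An empty shell field means /bin/sh, so it is flagged.
audit_mail_accounts() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
        BEGIN { n = split(nologin, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1 }
        # First operand: mailbox logins; skip blank and comment lines.
        FILENAME == ARGV[1] { if ($0 !~ /^[ \t]*(#|$)/) mailbox[$1] = 1; next }
        # Second operand: passwd records, field 1 = name, field 7 = shell.
        ($1 in mailbox) {
            shell = ($7 == "") ? "/bin/sh" : $7
            if (!(shell in deny)) print $1, shell
        }
    ' "$2" "$1"
}

# write_sample DIR: create constructed passwd and mailbox-list files in DIR.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/false
carol:x:1002:1002:Carol:/home/carol:
postfix:x:101:101::/var/spool/postfix:/usr/sbin/nologin
EOF
    cat > "$1/mailusers" <<'EOF'
# POP3/IMAP logins (constructed)
alice
bob
carol
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
# alice and carol are reported; bob has /bin/false and is not.
audit_mail_accounts "$tmp/passwd" "$tmp/mailusers"
rm -rf "$tmp"
```
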
Re: Debian mail server.
On Monday, 2002-04-01 at 13:47:21 +0200, Lars Roland Kristiansen wrote:
> I am going to configure a Debian mail server for my company (only 20 employees). I have 2 40 gigs disks which are going to run raid 1. I am going to configure it with wu-imap/pop3 and postfix. Is there any special security thing I should consider (the server is placed in DMZ because 2-3 people are going to get mail from it outside our internal network)?
>
> What about the size of the partitions? I was thinking:

I prefer cyrus IMAP, but that's a personal preference, i.e. no hard facts, just because WU FTPD is so bug-ridden.

I'd recommend installing AMaViS along with some virus scanner. I'm using Kaspersky because it had a good recognition rate in a test and because those Russians care more about Linux than most other AV vendors. Also, AMaViS and the Kaspersky scanner can both run as daemons, saving repeated startups of heavy-weight programs. (Use amavisd, not amavis-perl, or even amavis-the-old-version ;-)

Maybe also a filter that keeps obnoxious attachments away like scanmail.

> 100 megs for /boot
> 5000 megs for /
> rest for /var

I'd separate out the postfix hierarchy and the IMAP hierarchy on separate volumes and watch them (and the others) with mon for space usage. And then because it's hard to guess how much space those will need, I'd use lvm. And a log-based filesystem, like ext3 to get faster boots with large filesystems. (ext3 had good marks in a recent test in c't. Most (all?) others put bad data in files after a crash.)

> I will also put up iptables, webmin and sshd but no X.

I don't have to tell you that webmin is real dangerous in a DMZ.

For remote access, I'd restrict to POP3 and IMAP over SSL. You could also tunnel POP3 and IMAP over SSL and relay them to an internal machine. Not much better, though. Maybe worse...

Putting the IMAP server in a chroot jail would also give you an increase in security.

HTH,
Lupe Christoph

--
| [EMAIL PROTECTED] | http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |
Re: Debian mail server.
On Mon, Apr 01, 2002 at 02:45:30PM +0200, Lupe Christoph [EMAIL PROTECTED] wrote:
> (ext3 had good marks in a recent test in c't. Most (all?) others put bad data in files after a crash.)

That's because most of the others only do meta-data journaling and not file-data journaling like ext3 does (by default; see http://lwn.net/2001/0802/a/ext3-modes.php3 for details).

--
Tim van Erven [EMAIL PROTECTED]