On Tue, 23 Dec 2003 22:13:34 -0600, Lynn Avants wrote:
>Kory.
>
><SNIP>
>It took me about 4 days to get everything set up correctly the first
>time.... then life got much easier. This may not be much comfort,
>but you
>might want to take a day off and let your mind clear. Reading all the
>different docs (I know you've read) on these programs and trying to
>swallow all the information at once tends to really muddy the water.
>There is something wrong with a configuration file or the logic of
>your setup and a day's rest is what allowed everything to clear up
>again.
>
>After a mental rest, post the current config files to tinydns,
>qmail, the `ls -l` output of your user directories, the complete
>topology of your network, and the forwarding chains (from shorewall)
>to indicate what services are being allowed and forwarded.
Lynn and all,
Happy Holiday Wishes!!!
After a great home holiday I have done as Lynn suggests and put this problem aside
for a day. I am posting this as a fresh start to debugging my DMZ web and mail
server issues. Rather than try some fancy ascii art, I am just going to describe my
network setup. It is quite simple:
Cable modem access to internet connected to a Bering 1.2 router with 3 interfaces set
to the default config for a system with a DMZ. The router acts as a small file server
for mail client storage with a small ide disk and samba.
eth0 - external I/F DHCP
eth1 - connects to loc lan, mostly windows boxen using DHCP but assigns fixed IPs
based on mac address; domain is kroffts.home 192.168.1
eth2 - dmz, connects to single machine running stripped down Bering 1.2 with weblet,
ssh and qmail; domain is kroffts.dmz 192.168.10
The plan is to have the dmz host a mail server and web server for the domain
kroffts.com which is registered at dnsexit.com who provides the dynamic dns service
which points to my IP as updated with ez-ipupdate. My goal is to host my own email so
I can set my own limits on message size and have [EMAIL PROTECTED] without paying fees
to a hosting service. Additionally I am trying to learn new skills in how to setup and
configure such services. The web server is a bonus over the mail server and will host
very simple semi private pages.
So far, the web server works and is visible from outside the network but not from
inside since I changed the dmz domain from kroffts.com to kroffts.dmz. Qmail is
running but with the domain set at kroffts.dmz, I cannot send mail or receive it.
While testing with the dmz domain set to kroffts.com I was able to send and receive
mail but pop access was very slow and some mail clients would time out. The user
lrpqmail was the only one able to receive mail.
Now the config files:
Router==========================================
packages in use
1) initrd
2) ezipupd
3) local
4) modules
5) pump
6) shorwall
7) ulogd
8) samba
9) dhcpd
10) dnscache
11) tinydns
12) weblet
/etc/hosts
127.0.0.1 localhost.kroffts.home localhost
192.168.1.254 markii
192.168.1.1 coventry.kroffts.home coventry
192.168.10.1 kroffts.dmz dmz kroffts_web
/etc/resolv.conf
domain kroffts.home
nameserver 127.0.0.1
nameserver 192.168.1.254
/etc/tinydns-private/env/DNSTYPE
PRIVATE
/etc/tinydns-private/env/IP
127.0.0.1
/etc/tinydns-private/env/DOMAINS
1.168.192.in-addr.arpa
kroffts.home
10.168.192.in-addr.arpa
kroffts.dmz
/etc/tinydns-private/root/data
=localhost:127.0.0.1
localhost:127.0.0.1:a
1.0.0.127.in-addr.arpa:127.0.0.1:a
kroffts.home:127.0.0.1:a
1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1
/etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT PORT(S) DEST
#
# Accept DNS connections from the firewall to the network
#
DROP net fw tcp 67,68
DROP net fw tcp 4662
DROP net fw udp 4662
DROP net fw icmp 8
ACCEPT fw net tcp 80
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT dmz net tcp 53
ACCEPT dmz net udp 53
ACCEPT dmz fw tcp 53
ACCEPT dmz fw udp 53
#
# Accept SSH connections from the local network for administration of the DMZ
#
ACCEPT loc dmz tcp 22
#
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
#
#Enable Samba ports
ACCEPT loc fw udp 137,138
ACCEPT loc fw tcp 139
#
#Open http and mail ports on dmz
DNAT net dmz:192.168.10.1:80 tcp 80
DNAT net dmz:192.168.10.1 tcp 25
DNAT net dmz:192.168.10.1 udp 25
ACCEPT dmz fw tcp 113 #Added for qmail reverse lookup
ACCEPT loc dmz tcp 25
ACCEPT dmz net tcp 110
ACCEPT loc dmz tcp 110
ACCEPT loc dmz udp 110
ACCEPT loc dmz tcp 80
DNAT net dmz:192.168.10.1 tcp 110
DNAT net dmz:192.168.10.1 udp 110
DNAT loc dmz:192.168.10.1:80 tcp 80 - 24.210.193.152
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
DMZ=================================================
Packages loaded
1) initrd
2) local
3) modules
4) pump (not currently used)
5) daemontl
6) qmail
7) sshd
8) weblet
/etc/network/interfaces
iface eth0 inet static
address 192.168.10.1
masklen 24
broadcast 192.168.10.255
gateway 192.168.10.254
/etc/resolv.conf
domain kroffts.dmz
nameserver 127.0.0.1
nameserver 192.168.1.254
nameserver 192.168.10.254
Qmail stuff
/var/qmail/control/me
kroffts.dmz
/var/qmail/control/rcpthosts
kroffts.dmz
kroffts.com
kroffts.home
/var/qmail/control/locals
kroffts.dmz
/var/qmail/control/defaultdomain
kroffts.dmz
/var/qmail/control/plusdomain
kroffts.dmz
/var/qmail/service/pop3d/run
#!/bin/sh
exec /usr/bin/softlimit -m 2000000 \
/usr/bin/tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup \
kroffts.dmz /usr/bin/checkpassword /var/qmail/bin/qmail-pop3d \
Maildir 2>&1
/etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""
# ls -l /home/lrpqmail
drwx------ 5 lrpqmail lrpqmail 100 Dec 24 18:46 Maildir
# ls -l /server/home/kkrofft
drwx------ 5 kkrofft mailuser 120 Dec 16 23:11 Maildir
Thanks to all who are able to suggest what I need to fix. I am sure I need work on the
tinydns config on the router and some user config assistance on the qmail server side.
Thank you,
Kory Krofft
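A small audit of the shorewall rules in the post, added here as an example and not part of the original thread or of shorewall itself. It parses the ACTION/SOURCE/DEST/PROTO/PORT columns, lists what the rules expose to the `net` zone, and flags forwards of UDP for services that only speak TCP (SMTP, POP3, HTTP, SSH); the rule text is a constructed subset copied from the post.

```python
"""Review what a shorewall rules file exposes to the internet.

Example code (not shorewall's own). RULES is a constructed subset of the
rules posted above so the script runs offline.
"""
import re

RULES = """\
ACCEPT fw net tcp 80
ACCEPT dmz fw tcp 113 #Added for qmail reverse lookup
DNAT net dmz:192.168.10.1:80 tcp 80
DNAT net dmz:192.168.10.1 tcp 25
DNAT net dmz:192.168.10.1 udp 25
DNAT net dmz:192.168.10.1 tcp 110
DNAT net dmz:192.168.10.1 udp 110
ACCEPT loc dmz tcp 22
"""

# Services that never use UDP; a UDP forward for them opens a port for nothing.
TCP_ONLY = {22: "ssh", 25: "smtp", 80: "http", 110: "pop3"}


def parse_rules(text):
    """Return one dict per rule line: action, src, dst, proto, ports (ints)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            continue  # rules without a port column are out of scope here
        action, src, dst, proto, port_spec = fields[:5]
        ports = [int(p) for p in re.findall(r"\d+", port_spec)]  # "67,68" -> [67, 68]
        rules.append({"action": action.upper(), "src": src, "dst": dst,
                      "proto": proto.lower(), "ports": ports})
    return rules


def exposed_from_net(rules):
    """Set of (proto, port, dest) tuples the internet can reach via ACCEPT/DNAT."""
    return {(r["proto"], p, r["dst"]) for r in rules
            if r["src"] == "net" and r["action"] in ("ACCEPT", "DNAT")
            for p in r["ports"]}


def udp_for_tcp_only(rules):
    """Rules that pass UDP to a port whose service is TCP-only: (src, dst, port)."""
    return [(r["src"], r["dst"], p) for r in rules if r["proto"] == "udp"
            for p in r["ports"] if p in TCP_ONLY]


if __name__ == "__main__":
    parsed = parse_rules(RULES)
    for item in sorted(exposed_from_net(parsed)):
        print("exposed to net:", item)
    for item in udp_for_tcp_only(parsed):
        print("udp forward for TCP-only service:", item)
```

Run against the full rules file to see the same two UDP forwards (25 and 110) reported, and to confirm that nothing beyond 25, 80 and 110 is reachable from the net zone.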
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html