We can start with the following requirements:
Public SMTP
Public POP3
Public Webmail

iptables (very simple) rules:
------------------ start ---------------------------
# default policies and flushing
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# localhost and established traffic
# (loopback is matched by interface only: -d expects an address, not an interface name)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# smtp
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# pop3
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# if you have https
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# if you need to access via ssh from outside:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
------------------ end ---------------------------

Be careful if you are applying these rules via ssh, it is recommended
to do it via console.
These are not "plug&play" rules, this is only an example of filtering
rules for a mail server, you may need to modify them to suit your
needs.
These rules disable any forwarded traffic (be careful if you are
using this server as an Internet gateway). They control the traffic
according to the input, all the output is enabled by default.

Natalio
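
Added example (not part of Natalio's message and not qmailtoaster code): the same policy written as an iptables-restore ruleset, checked for the ssh port before loading and rolled back automatically if the operator cannot confirm access, which addresses the warning above about applying rules over ssh. The function names build_ruleset, keeps_port and apply_with_rollback and the 60-second timeout are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of the original message.
# Constructed port list: smtp, pop3, http, https, ssh (the ports opened above).

# build_ruleset PORT...: print an iptables-restore file for the filter table.
build_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# keeps_port RULESET PORT: true only if RULESET accepts new TCP connections to PORT.
keeps_port() {
    printf '%s\n' "$1" | grep -qxF -- "-A INPUT -p tcp --dport $2 -j ACCEPT"
}

# apply_with_rollback FILE: load FILE (as root); restore the old rules after
# 60 seconds unless the operator confirms that new connections still work.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    iptables-save > "$backup" || return 1
    ( trap '' HUP; sleep 60; iptables-restore < "$backup" ) &
    timer=$!
    # iptables-restore replaces the table in one step when it reaches COMMIT.
    iptables-restore < "$1" || { kill "$timer"; return 1; }
    echo 'Loaded. Open a NEW ssh session; if it works, press Enter to keep the rules.'
    read -r reply && kill "$timer"
}

# Refuse to continue if the generated ruleset would close the ssh port.
rules=$(build_ruleset 25 110 80 443 22) || exit 1
keeps_port "$rules" 22 || { echo 'ssh would be locked out' >&2; exit 1; }
printf '%s\n' "$rules"    # as root: save to a file, then apply_with_rollback FILE
```

Run as an unprivileged user it only prints the ruleset; apply_with_rollback is the only function that touches the live firewall.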

On 10/11/05, Jack D. Martin Jr. <[EMAIL PROTECTED]> wrote:
>
> Natalio,
>
> I appreciate the help.  I would love to have some examples - they are quite
> helpful to me.  Thanks in advance.
>
> Jack D. Martin, Jr.
> Magic Wireless Internet Service Provider, LLC
> [EMAIL PROTECTED]
> P.O. Box 278
> Oilton, OK  74052
> (918) 862-1065
> (918) 605-9552 cellular
>
> -----Original Message-----
> From: Natalio Gatti [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 11, 2005 2:59 PM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: Re: [qmailtoaster] Installation Process
>
> In your firewall services you have to enable the services you are going to
> publish.
> For sure, you will need to open port 25 (smtp) and 53 (dns), maybe 110 & 80
> if pop3 and webmail are going to be used from outside.
>
> Enable localhost to localhost traffic, so spamassassin can be used, and
> webmail can use IMAP (port 143).
>
> If you need further assistance in your iptables rules, I can send some
> example.
>
> Salutti,
> Natalio
>
> On 10/10/05, seekuel <[EMAIL PROTECTED]> wrote:
> > I agree to that...
> >
> > --- Aditya Nag <[EMAIL PROTECTED]> wrote:
> >
> > > This is not really related to the topic, but I just wanted to agree
> > > with Jack.. You rock, Nick!
> > >
> > > This has to be one of the better mailing lists in the OSS community!
> > >
> > >
> > > On 10/10/05, Jack D. Martin Jr. <[EMAIL PROTECTED]> wrote:
> > > > Thanks Nick - I will get on this tonite.  What do I need to do on the
> > > > firewall and services?  You are an awesome dude - you keep this project
> > > > rocking!!!!
> > > >
> > > >
> > > > Jack D. Martin, Jr.
> > > > Magic Wireless Internet Service Provider, LLC
> > > > [EMAIL PROTECTED]
> > > > P.O. Box 278
> > > > Oilton, OK  74052
> > > > (918) 862-1065
> > > > (918) 605-9552 cellular
> > > >
> > > > -----Original Message-----
> > > > From: Nick Hemmesch [mailto:[EMAIL PROTECTED]
> > > > Sent: Sunday, October 09, 2005 6:48 PM
> > > > To: qmailtoaster-list@qmailtoaster.com
> > > > Subject: RE: [qmailtoaster] Installation Process
> > > >
> > > > > Gabriel,
> > > > >
> > > > > What I am asking would apply to any distro.  I am not planning on
> > > > > going to CentOS - not this week, and not ever.  I am not saying I
> > > > > don't like CentOS, but that I have found one that I like, and want to
> > > > > stick with it.  Many people use other distros.  What I am asking in a
> > > > > simple fashion is:
> > > > >
> > > > > 1.  How do I adapt the svcs script and firewall script to work for me?
> > > > > If not - what svcs and firewall settings need to be in effect.  This
> > > > > information is sorely lacking in the toaster directions.
> > > > > 2.  How do I adapt the install script to work for me?  What changes
> > > > > should be made, or should I use the rpm rebuild command?  I would
> > > > > think that information should be available somewhere.
> > > > >
> > > > > This system is setup to make the installation easier.  It just needs
> > > > > some tweaking to make it complete, for everyone.  I applaud the folks
> > > > > that have worked this hard to get where it is today, now I implore
> > > > > them to make it even better.  That is what has drawn me to open source
> > > > > software.  I don't like the M$ tactics - but their stuff is simple for
> > > > > the novice.  The toaster can be just as simple - with more complete
> > > > > directions and directives.  I would love to help build those - if I
> > > > > can just get a simple answer to the few questions I have asked.  For
> > > > > some silly reason - I want this project to do well, I am basing a
> > > > > server, my one and only mail server on that.  Maybe I am the silly one
> > > > > - I don't know.  Please don't ask my wife to answer that one!!!  We
> > > > > are a very small wireless ISP in a rural area in Oklahoma, and I mean
> > > > > rural.  We are going to use the toaster to provide email services for
> > > > > that ISP.  As I have said in the past - I am a linux newb, but the
> > > > > people I have conversed with thus far, have sold me on open source.
> > > > > Sorry to ramble - it is late, and has been a long week.  I am
> > > > > going to try to get this thing completed tomorrow evening, I am just
> > > > > looking for the answers to make sure that a stupid mistake doesn't
> > > > > have me re-formatting drives - again.
> > > > > Thanks.
> > > > >
> > > > > Jack D. Martin, Jr.
> > > > > Magic Wireless Internet Service Provider, LLC
> > > > > [EMAIL PROTECTED] P.O. Box 278 Oilton, OK  74052
> > > > >
> > > >
> > > >
> > > > Hi Jack,
> > > >
> > > > Try this. Should get all the deps you need.
> > > >
> > > > ~~~~~~~~~~~ begin file ~~~~~~~~~~~~~~~
> > > >
> > > > #!/bin/sh
> > > > #
> > > > # Dependencies for Makdrake 2005 and mandrakelinux 10.2
> > > > # installing qmailtoaster
> > > > #
> > > > # Be sure to remove sendmail or postfix before installation
> > > > #
> > > > # Made from the work of Ben King
> > > > # http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg00069.html
> > > > #
> > > > # Nick Hemmesch <[EMAIL PROTECTED]>
> > > > # September 26, 2005
> > > > #
> > > >
> > > > urpmi apache2 apache2-common apache2-modules apache-conf
> > > > urpmi apache2-mod_php
> > > > urpmi apache2-mod_perl
> > > > urpmi apache2-devel
> > > > urpmi apache2-manual
> > > > urpmi autoconf
> > > > urpmi automake
> > > > urpmi automake1.7
> > > > urpmi bison
> > > > urpmi bzip2
> > > > urpmi bzip2-devel
> > > > urpmi curl
> > > > urpmi curl-devel
> > > > urpmi expect
> > > > urpmi flex
> > > > urpmi gcc
> > > > urpmi gcc-c++
> > > > urpmi gcc-cpp
> > > > urpmi gcc-java
> > > > urpmi gdbm
> > > > urpmi gdbm-devel
> > > > urpmi libgmp3
> > > > urpmi libgmp3-devel
> > > > urpmi libidn11 libidn11-devel
> > > > urpmi libidnkit1 libidnkit1-devel
> > > > urpmi libxml2
> > > > urpmi libxml2-python
> > > > urpmi krb5-devel
> > > > urpmi krb5-libs
> > > > urpmi krb5-workstation
> > > > urpmi libgcc
> > > > urpmi mysql
> > > > urpmi mysql-bench
> > > > urpmi mysql-devel
> > > > urpmi mrtg
> > > > urpmi ntp
> > > > urpmi openssl
> > > > urpmi openssl-devel
> > > > urpmi pam-devel
> > > > urpmi pcre
> > > > urpmi perl-HTML-Parser
> > > > urpmi perl-devel
> > > > urpmi perl-Digest-HMAC
> > > > urpmi perl-Digest-SHA1
> > > > urpmi perl-Net-DNS
> > > > urpmi perl-Time-HiRes
> > > > urpmi php
> > > > urpmi php-ldap
> > > > urpmi php-mysql
> > > > urpmi php-pear
> > > > urpmi rpm-build
> > > > urpmi rpm-devel
> > > > urpmi rpm-helper
> > > > urpmi rpmdrake
> > > > urpmi rpmtools
> > > > urpmi rpmlint
> > > > urpmi rpm-python
> > > > urpmi sed
> > > > urpmi setup
> > > > urpmi setuptool
> > > > urpmi spamassassin
> > > > urpmi stunnel
> > > > urpmi which
> > > >
> > > > perl -e 'use CPAN; install Archive::Tar;'
> > > > perl -e 'use CPAN; install Digest::SHA1;'
> > > > perl -e 'use CPAN; install HTML::Parser;'
> > > > perl -e 'use CPAN; install IP::Country::Fast;'
> > > > perl -e 'use CPAN; install IO::Socket::INET6;'
> > > > perl -e 'use CPAN; install IO::Socket::SSL;'
> > > > perl -e 'use CPAN; install IO::Zlib;'
> > > > perl -e 'use CPAN; install Mail::SPF::Query;'
> > > > perl -e 'use CPAN; install MIME::Base64;'
> > > > perl -e 'use CPAN; install Net::DNS;'
> > > > perl -e 'use CPAN; install Net::SMTP;'
> > > > perl -e 'use CPAN; install Net::Ident;'
> > > > perl -e 'use CPAN; install Razor2::Client::Agent;'
> > > > perl -e 'use CPAN; install Storable;'
> > > > perl -e 'use CPAN; install Time::HiRes;'
> > > >
> > > > ~~~~~~~~~~~ end file ~~~~~~~~~~~~~~~
> > > >
> > > >
> > > >
> > > > Mysql setup:
> > > >
> > > > ~~~~~~~~~~~ begin file ~~~~~~~~~~~~~~~
> > > > #!/bin/sh
> > > > #
> > > > # Setup mysql for qmailtoaster installation
> > > > #
> > > > # Nick Hemmesch <[EMAIL PROTECTED]>
> > > > # September 26, 2005
> > > > #
> > > >
> > > > # Set mysql root password
> > > > MYSQLPW=your-mysql-password
> > > >
> > > >
> > > > # Setup mysql for vpopmail
> > > > ##########################
> > > >
> > > > # Setup root account
> > > >
> > > > mysqladmin -u root password "$MYSQLPW"
> > > > mysqladmin -u root --password="$MYSQLPW" reload
> > > > mysqladmin -u root --password="$MYSQLPW" refresh
> > > >
> > > > # Create vpopmail database with correct permissions
> > > >
> > > > mysqladmin create vpopmail -u root --password="$MYSQLPW"
> > > > mysqladmin -u root
> > >
> > === message truncated ===
> >
> > --
> > Best regards,
> >
> >
> > Sandeil Tenebro, E.C.E.
> > Linux Registered User #384410
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>