Re: [expert] Linux Mail Servers for Win clients

2003-03-04 Thread Scott St. John
At 02:49 PM 3/4/2003 +, you wrote:
> http://www.mrw.demon.co.uk has a detailed how-to for installing qmail and
> qmail-pop3d on mandrake (Vince Danen maintains qmail packages for mandrake)
> qmail + qmail-pop3d works just fine with windows mail clients.
> There is also a qmail mandrakesecure mailing list if you are so inclined.

Mark-

As one who is not familiar with qmail how do you rate it against Postfix?
I am seeing more and more sites using qmail, but sadly I don't know much
about it.

-Scott

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Re: [expert] Linux Mail Servers for Win clients

2003-03-04 Thread Scott St. John
At 02:32 PM 3/4/2003 +, you wrote:
> What I am puzzled about is the mail server. I have not used one myself and
> do not know if any of them, qmail, sendmail etc can talk to outlook or
> messenger. I have not seen the setup they have so am relying on the guy
> having given me the correct information at this stage. They would be happy
> for me to set up a new PC to do this job and I am keen to have a go. As
> far as I know this will be the first one in my area and want to encourage
> the use of Linux.
> Any ideas?

Norm-

Outlook and Messenger have POP3 capability so you would need:  1) An email
server 2) A pop3 server.

You can use sendmail, postfix, qmail, exim, whatever you want for email.  I
am migrating from Sendmail to Postfix.  One word of caution - an email
server needs careful planning and you need to make yourself familiar with
setup and security.  While Postfix is pretty secure by default one wrong
setting and the spam world can use your system to get their messages out.
So take the time to review the docs and spend some time getting comfortable
with one email server.

-Scott



Re: [expert] iptables to block spam

2003-03-04 Thread Scott St. John
At 03:57 PM 3/3/2003 -0800, you wrote:
> > iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
> > I logged out and then tried to ssh back in and I was in just fine!  Tried
> > to reach the web site
> > and again, no trouble.  I then switched to this:
> Most likely, something before it is allowing it.  I suggest that you
> change "-A" to "-I" to make it insert the rule at the beginning of the
> INPUT chain instead of appending it to the end of the chain.

Oh that is IT!  Thank you!  With Bastille running I could not use -A, had
to use -I.  Of course I went to flush the rules with -F and made my machine
disappear from the network and had to reboot it this morning :(
Thanks Todd.

-Scott
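
The -A versus -I behaviour discussed in this thread, as an added example that is not part of the original messages: iptables walks a chain from the top and the first terminating rule decides, so a DROP appended behind an earlier ACCEPT is never reached. The `first_match` helper and the three rule listings are constructed for illustration (they are not Bastille's actual rules); the helper reads `iptables -S INPUT` style lines and interprets only `-s`, `-p`, `--dport` and `-j`.

```shell
#!/bin/sh
# first_match SRC_IP PROTO DPORT  (rules on stdin, in `iptables -S INPUT` format)
# Prints "<rule number> <target>" for the first ACCEPT/DROP/REJECT rule that
# matches, or "policy <target>" when nothing matches.
# Simplification (assumption): only -s, -p, --dport and -j are interpreted;
# other matchers, "!" negation and jumps to other chains are ignored.
first_match() {
    awk -v src="$1" -v proto="$2" -v dport="$3" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, bits, size) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)          # number of addresses in the block
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
        n++; ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s"      && !in_cidr(src, $(i + 1))) ok = 0
            if ($i == "-p"      && $(i + 1) != proto)       ok = 0
            if ($i == "--dport" && $(i + 1) != dport)       ok = 0
            if ($i == "-j") target = $(i + 1)
        }
        if (ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT")) {
            print n, target; found = 1; exit
        }
    }
    END { if (!found) print "policy", policy }'
}

# Constructed listings (not Bastille's real rules). Same rules, different order.
APPENDED='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -j DROP'
INSERTED='-P INPUT DROP
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT'
FLUSHED='-P INPUT DROP'

printf '%s\n' "$APPENDED" | first_match 192.0.2.44 tcp 25     # -A: earlier ACCEPT decides
printf '%s\n' "$INSERTED" | first_match 192.0.2.44 tcp 25     # -I: DROP is reached first
printf '%s\n' "$INSERTED" | first_match 198.51.100.9 tcp 25   # other senders still get in
printf '%s\n' "$FLUSHED"  | first_match 198.51.100.9 tcp 22   # empty chain: policy applies
```

On a live host the function can be fed with `iptables -S INPUT | first_match <ip> tcp 25`. The last call shows the risk of `-F` on a chain whose policy is DROP: the flush removes the rules but leaves the policy in place.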



Re: [expert] iptables to block spam

2003-03-03 Thread Scott St. John
At 03:57 PM 3/3/2003 -0500, you wrote:
> If you want to block access to a specific service then just modify the
> rule to appear this way. Something I forgot to ask is how many nics are you
> using? you may also have to specify the interface they're coming in on as
> well.
> Ex:  iptables -A INPUT -p tcp --dport 25 -s 209.0.0.0 -j DROP
> If you have two nics in the machine and your public interface, like mine
> is, eth1, then the rule would look like this:
>  iptables -A INPUT -i eth1 -p tcp --dport 25 -s 209.0.0.0 -j DROP
> Or, you could write like this provided you have two nics;
>  iptables -A INPUT -i eth1 -s 209.0.0.0 -j DROP
> Bastille's already existing rules shouldn't cancel out any additional
> rules you add to the firewall. That wouldn't exactly be a good thing.

Mark-

I have one interface on that machine and believe it or not I just copied
the line above for blocking port 25 except I replaced the IP address with
another machine here and tested it and it did NOT work.  So I shut down
Bastille and tried it and I was blocked!  So something in Bastille is
preventing me from manually entering chains to block and that sucks :(
There must be a way around that.

I guess I could try to duplicate the Bastille rules and make my own or
figure out a way around Bastille blocking me from manually entering my own
rules.

-Scott



Re: [expert] iptables to block spam

2003-03-03 Thread Scott St. John
Heh, call me the idiot!  It works *WHEN* I stop Bastille :)  I am guessing that
some rule in Bastille is overriding my iptables commands to allow the traffic!
So, now I have to figure out the rules that Bastille is putting in place and
write my own iptables script.

Thank you to everyone!

-Scott

> This works for me...  are you applying the correct rule on the right host?
> No need to log out/in...  ssh to a host, say 192.168.1.1, then:
>   iptables -A INPUT -s 192.168.1.1 -j DROP
> and the ssh connection should stop working.  Verify with:
>   iptables -L -v -n
> then re-enable with:
>   iptables -F
> and the ssh connection should resume...



Re: [expert] is there a big difference??

2003-03-03 Thread Scott St. John
I would consider waiting for 9.1 before you upgrade the server.  I bought
the Pro Suite 9.0 edition and based on my experience with it and the
experience of others I think I will wait for 9.1 before I upgrade a server.

-Scott



At 08:20 PM 3/3/2003 +0900, you wrote:

Dear experts,

my quest is simple, I'm running 8.2 prosuite on my server now but I'm
thinking of using 9.0 standard (download) and just selecting some of the
server packages.. my server is simple.. its a firewall/file server serving
3 windows boxes and 1 linux box plus my notebook (linux of course!). So
again is there a REALLY  big diff from 8.2 server package and 9.0 download
standard? Thanks for your replies in advance.

Grasshopper
--
Gavin Rollins
Fukushimaken, Fukushima City
Nankodai 2-34-1
Japan
Registered Linux user #119685




Re: [expert] iptables to block spam

2003-03-03 Thread Scott St. John
At 09:48 PM 3/2/2003 -0500, you wrote:
> > iptables -A INPUT -s 209.8.161.0/24 -j DROP
Ok, perhaps I am doing something wrong, I decided to test blocking my home
connection to the server just to see if it would work.  Doing this:

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

I logged out and then tried to ssh back in and I was in just fine!  Tried
to reach the web site and again, no trouble.  I then switched to this:

iptables -A FORWARD -s xxx.xxx.xxx.xxx -j DROP

And again, I got in.  Must I block per service and missing something when
issuing the command?

Thanks in advance.

-Scott



Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
Ok, I have a spam place this morning trying multiple servers to get into my
mail server: 216.95.201.18, 216.95.201.31, etc.  Let's say I want to block
him totally at the mail server using iptables before he gets to Sendmail.

I would do:

iptables -A FORWARD 216.95.201.0/24 -p tcp --dport 25 -j DROP

Does that look right?

Thank you,

-Scott



At 12:48 AM 3/2/2003 -0600, you wrote:



209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get 
209.8.0.0 - 209.8.255.255

Is iptables running on your firewall, with the mail server behind it, or 
on your mail server?  If the former, you might need to add this on the 
FORWARD chain, not INPUT.

Keep in mind that you're blocking all services with that statement.  add 
-p tcp --dport 25 to just block smtp.




Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
On Sun, 2 Mar 2003, . wrote:
> 209.8.161.0/24 will get 209.8.161.0 - 209.8.161.255. /16 will get 
> 209.8.0.0 - 209.8.255.255

That is what I put in, yet this spammer still got through to Sendmail.

> Is iptables running on your firewall, with the mail server behind it, or 
> on your mail server?  If the former, you might need to add this on the 
> FORWARD chain, not INPUT.

I have iptables on the mail server, so I should be using the forward 
command instead of input to block them?  I am trying to block them at that 
particular machine.

> Keep in mind that you're blocking all services with that statement.  add 
> -p tcp --dport 25 to just block smtp.

Yes, I guess I should just block them at smtp and not everything.

-Scott




Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
On Sat, 1 Mar 2003, Dave Laird wrote:
> iptables -A INPUT -s 209.82.110.17/16 -j DROP will work to drop *everything*
> from 209.82.110.x, regardless of the fourth digits in the network
> address. Unless I've gotten it backwards again (it's past my bedtime) 24 only
> drops the 0 of your address, which might possibly be the gateway, depending
> upon how they have configured their system. 

So I would use /16 for a Class C network?

> I use the firewall to block undesirable IP's as needed, and it has proven,
> time and again, to substantially reduce my spam loads. Also, if you want more
> targets, go to http://www.iana.org/assignments/ipv4-address-space  and look
> up the IP blocks assigned to the primary sources of most pornographic spam.
> Then block them by country. You'd be surprised at how spam levels will drop. 

I am blocking now at the Sendmail level using access lists and I get the 
lists based on email that makes it past SpamAssassin, I read the headers 
and go block.  Most of my customers can deal with the printer ads, but it 
is the porn that bothers them most, especially when they have kids.

-Scott




Re: [expert] iptables to block spam

2003-03-02 Thread Scott St. John
On Sat, 1 Mar 2003, tarvid wrote:
> I do this at the border gateway for bulk mailers that present a heavy load to 
> my postfix mail server.

The owner of the company is against blocking at the router so I am trying 
to do it on the mail server.

> I use spamcop and a local RBL to catch some more.

Similar here, I am using Spam Assassin and some custom access rules in 
Sendmail, but the problem is the amount of time that Sendmail spends 
rejecting this email so I was hoping to block them with iptables and take 
some load off Sendmail.

-Scott




[expert] iptables to block spam

2003-03-01 Thread Scott St. John
Until I can migrate my clients over to Postfix I have been using the 
access lists in Sendmail to block certain repeat spammers.  I am wondering 
if I could just use iptables to block them and take the load off Sendmail?

My question would be 1)Is that practical 2)Is the proper way to block an 
entire network this:

iptables -A INPUT -s 209.8.161.0/24 -j DROP

I added this, however traffic from this network is still reaching my mail 
server.  I want to block EVERYTHING from that network as they are sending 
porn mail to my clients.

Thanks,

-Scott




Re: [expert] wuftpd gone from ML 9? And updating in general....

2002-10-03 Thread Scott St. John

At 10:13 PM 10/2/2002 -0500, you wrote:
>   Seen it...it's quite nice...and the login-from-db is a nice
>   thing...I just don't have enough users to warrant my writing a php
>   frontend for the silly thing, so I stick to proftpd :) Now...if you
>   put the one you are writing under GPL or another Free license, that
>   may change :)

I plan to release it when I have it done.  I am working with a client that
wants to be to offer a web interface for them to upload files.  Using
pure-ftp with the MySQL back-end I will be able to create instant FTP
access for the users as well.  Might take me some time to work it out, but
I will let the list know when it's done.

-Scott






Re: [expert] wuftpd gone from ML 9? And updating in general....

2002-10-02 Thread Scott St. John

On Wed, 02 Oct 2002 18:09:23 -0500, Vox wrote
>   wu-ftpd has a looong history of bad security, so the mdk people has
>   (wisely, IMNSHO) chosen to use proftpd. But wu-ftpd does seem to be
>   in cooker, so...they may just have gotten rid of it on the release
>   ISOs. 

I am glad they left it out, it sent me looking for alternatives and found a 
perfect replacement!  Pure-Ftp.  I compiled it to use a MySQL database for 
login information so our staff can now grant FTP access with a web interface 
I am writing in PHP.  They claim to have a great security record and it was 
designed from the ground up with the Linux kernel in mind.  Check it out:
http://www.pureftpd.org/

-Scott







Re: [expert] Radius

2002-10-01 Thread Scott St. John

At 09:54 AM 10/1/2002 -0400, you wrote:
>We've been using IC RADIUS (Cistron before) for a couple of years.

What kind of modem racks are you running?

>Curiously it is on the last RedHat server in the house. I don't think there
>are any issues which would come up with Mandrake.

There are rpm's for Red Hat 7.x, I did my typical try first, read doc if
don't work routine yesterday and it said that I had to install MySQL Devel
libraries, did that, but still had some trouble with it.  I will let you
know how I make out so if/when you convert your last RH box to Mandrake you
know :)

>We carry two local patches (one of them is moot) so changing requires a
>bit of effort. A lot of people are running FreeRADIUS and it has SQL
>support so that would probably be my first choice on a new system

To tell you the truth I am not sure why the owner of the company wanted IC
Radius.  I think he bought something called ISP Suite and they recommend
that.  The idea was to move Radius and Postfix to use MySQL for user
authentication.

Thanks for the reply.

-Scott






[expert] Radius

2002-10-01 Thread Scott St. John

I am about to install Radius for our modem racks and was curious if anyone on 
the list is using Radius under Mandrake and if you are, which one?  I am 
looking at IC Radius, but I see there is also Free Radius.  Let me know your 
experiences, thanks!

-Scott





Re: [expert] Virtual Hosting Question

2002-09-26 Thread Scott St. John

At 05:08 PM 9/23/2002 -0700, you wrote:
>   ls -R | grep ":$" | sed 's#:$##' | awk '{print "\""$0"\""}' | xargs chmod g+s

Could I use something like this to set the proper ownership of a directory as
well?

I have copied all the user accounts from the BSDI machine to the Mandrake
box, then I used a shell script to set the proper ownership of the directories,
but I need to go in and set the sub directories.  Here is the base script I am
working off of, but I don't think it likes the -R option.

# chown only the home directories that actually exist (test && chown, not ||)
grep /home/ /home/scott/homedirpass | awk -F: '{ print $1 " " $4 " " $6 }' \
   | while read -r pwuser pwgid pwhome ; do
 [ -d "$pwhome" ] && chown "$pwuser:$pwgid" "$pwhome"
done

homedirpass is a copy of the Linux passwd file after I ran the script to
convert the accounts to the new machine.

Thanks,

-Scott






Re: [expert] ISP specific list

2002-09-26 Thread Scott St. John

At 07:31 AM 9/26/2002 -0700, you wrote:
>I think this is the correct forum for your questions.  A lot of people
>here (including myself) are running their own web / email / etc... servers
>at home off of either dsl or cable internet.  Not quite the scale of an
>ISP, but the approach should be similar.

Thank you, I think most of the questions would be related to most of the
discussions on here.

>Can't speak for that one, but there are also IRC channels devoted to
>mandrake as well as the several lists

What IRC channels and where?

>I'm surprised to hear that you're switching from BSDI to Mandrake; why is
>that?  (just curious)

Familiarity would be the main reason.  The BSDI boxes are old and long past
retirement age so it's time to move forward and Mandrake was the logical
choice for me since I have been using it since the first version.

-Scott






Re: [expert] file block size

2001-08-22 Thread Scott St. John

At 01:03 PM 8/22/2001 -0500, you wrote:
> > Any advice on where to start?
>
>ReiserFS is perfect for the system having lots of small files.

Can you change the default file block size? 







[expert] file block size

2001-08-22 Thread Scott St. John

Hi everyone-

We are considering finally putting Mandrake in production to replace some
outdated FreeBSD servers.  We have 70gig raid controlled servers, but seem
to have some trouble with changing the default file block size.  This box
will serve as a web server and we want to drop the file block size down to
avoid using up the drives on little html files.

Any advice on where to start?

Thanks for your help.

-Scott



