High availability SQL server setup
Hi all,

For some time, I've been considering consolidating all/most of our SQL databases (all MySQL) onto a single dedicated cluster setup. I'm looking for feedback on the best way to do this.

All of the options I've considered so far have both their drawbacks and benefits. From what I can tell, there's no one single way to be able to have everything that I want. Off the bat, I haven't found a way to create a cluster that can have more than one host in the cluster writable.

My objective would be to start with two very high end boxes. One would sit in my primary location, the other a few blocks away over a gi fibre link. I would want the remote box to pick up immediately if the master server fails. I figure I could achieve this using network trickery for IP failover, CARP or the like and span a couple of vlans across the fibre.

I would want each SQL server connected to separate edge routers to ensure both server and network resilience. Each box has two GigE NICs, so off the bat, I'd have each box doing VRRP to two separate edge gear at each location.

My concern is, is that I can't envision how both boxes could possibly stay in a continuous state that would allow such fail-over, and fail-back. (fail-back is less of a concern...if it comes to it, I'd rebuild by hand if necessary).

I've considered ZFS replication, but there could be several minutes worth of snapshot missing if the primary fails. I already have MySQL replication in many spots, but that's only one write master and read-only slaves.

Can you provide any details or new ideas that I'm missing in order to have the holy grail of SQL redundancy?

Cheers,

Steve

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: High availability SQL server setup
Here's an article about multi-master replication on MySQL:

http://onlamp.com/onlamp/2006/04/20/advanced-mysql-replication.html

It's not rocket science ;)

Ruben

On Wed, Jan 20, 2010 at 08:06:15PM -0500, Steve Bertrand typed:

> Hi all,
>
> For some time, I've been considering consolidating all/most of our SQL databases (all MySQL) onto a single dedicated cluster setup. I'm looking for feedback on the best way to do this.
>
> All of the options I've considered so far have both their drawbacks and benefits. From what I can tell, there's no one single way to be able to have everything that I want. Off the bat, I haven't found a way to create a cluster that can have more than one host in the cluster writable.
>
> My objective would be to start with two very high end boxes. One would sit in my primary location, the other a few blocks away over a gi fibre link. I would want the remote box to pick up immediately if the master server fails. I figure I could achieve this using network trickery for IP failover, CARP or the like and span a couple of vlans across the fibre.
>
> I would want each SQL server connected to separate edge routers to ensure both server and network resilience. Each box has two GigE NICs, so off the bat, I'd have each box doing VRRP to two separate edge gear at each location.
>
> My concern is, is that I can't envision how both boxes could possibly stay in a continuous state that would allow such fail-over, and fail-back. (fail-back is less of a concern...if it comes to it, I'd rebuild by hand if necessary).
>
> I've considered ZFS replication, but there could be several minutes worth of snapshot missing if the primary fails. I already have MySQL replication in many spots, but that's only one write master and read-only slaves.
>
> Can you provide any details or new ideas that I'm missing in order to have the holy grail of SQL redundancy?
>
> Cheers,
>
> Steve
Re: New mail server setup
Michael K. Smith - Adhost wrote:

> Steve Bertrand wrote:
>
> > If anyone has a setup that has redundancy for their IMAP/POP services, and a method to keep the changing data relatively up-to-date, I'd love to hear about it.

[ big snip ]

> Another approach would be a cluster of Postfix servers and Dovecot servers behind PF load balancers. We have 3 POP servers (IMAP/POP), 9 Mail Servers, 2 Defer servers and 5 Filter servers that process over 20 million messages a day without a blip. We can take individual servers out of the pool for maintenance, etc. Everything is fed to a set of redundant NAS for the data storage and common configuration files.

Thanks Mike,

I'm interested to learn a little more about your setup. I was going to take it off-list, but if you can provide some further details, it would probably add long-term value to keep it here.

So, a couple of questions:

- can your PF load balancers 'sense' when one of the Postfix/Dovecot units are down, or is this a manual change in config to prevent any time-out conditions?

I like this load balancer idea. In my environment, it would be trivial to set up a couple of them, throw Quagga on them, and integrate them directly into our iBGP setup. On the other side, I could use VRRP or the like to ensure redundancy from front to back.

- do the Postfix/Dovecot servers communicate with each other, or are they simply stand-alone units that don't know/care that they have other peers helping with the workload?

- are your filter servers in front of, or behind the load balancers (iow, is all of your inbound email passed through the balancers, and then filtered/processed/delivered in behind them)?

- how do all of the pieces communicate with the NAS...NFS?

- could you share a small snip of your PF config in relation to load-balancing, so I can get a bit of a better understanding config-wise on how that piece hangs together? (I've never used PF, only IPFW ;)

Thanks, and regards,

Steve
RE: New mail server setup
Hello Steve:

I'll try to answer your questions in line.

snip

> > Another approach would be a cluster of Postfix servers and Dovecot servers behind PF load balancers. We have 3 POP servers (IMAP/POP), 9 Mail Servers, 2 Defer servers and 5 Filter servers that process over 20 million messages a day without a blip. We can take individual servers out of the pool for maintenance, etc. Everything is fed to a set of redundant NAS for the data storage and common configuration files.
>
> Thanks Mike,
>
> I'm interested to learn a little more about your setup. I was going to take it off-list, but if you can provide some further details, it would probably add long-term value to keep it here.
>
> So, a couple of questions:
>
> - can your PF load balancers 'sense' when one of the Postfix/Dovecot units are down, or is this a manual change in config to prevent any time-out conditions?

Not natively. When we initially implemented this setup, ifstated wasn't up to snuff, so we wrote some PERL scripts that make connections to the required ports and, if no connection is established, pull the server from the table and send us an alarm. We also have scripts so that we can pull servers out when we're doing maintenance.

> I like this load balancer idea. In my environment, it would be trivial to set up a couple of them, throw Quagga on them, and integrate them directly into our iBGP setup. On the other side, I could use VRRP or the like to ensure redundancy from front to back.

We use two PF boxes and CARP with PFSync for failover, so no dynamic protocols are needed.

> - do the Postfix/Dovecot servers communicate with each other, or are they simply stand-alone units that don't know/care that they have other peers helping with the workload?

They are standalone. All of the user authentication is handled from a centralized database, so there are no local credentials stored on the server.

> - are your filter servers in front of, or behind the load balancers (iow, is all of your inbound email passed through the balancers, and then filtered/processed/delivered in behind them)?

They are behind the PF boxes. We have other hooks in PF that we use to block SPAM in PF, including Cloudmark and some custom stuff that looks for multiple mails to non-existent addresses. We also use the overload tables for abusive connections.

> - how do all of the pieces communicate with the NAS...NFS?

Yes. Originally we used TCP but we found performance to be much better with UDP. NFSv3 by the way.

> - could you share a small snip of your PF config in relation to load-balancing, so I can get a bit of a better understanding config-wise on how that piece hangs together? (I've never used PF, only IPFW ;)

That might be difficult because it's about 720 lines. :-) Here are some highlights, though.

1) Our customers use mail.adhost.com for everything - SMTP, POP and IMAP. We use redirects in PF so that traffic coming in on the associated ports goes to the appropriate servers.

2) We have our load-balanced DNS servers behind the same PF boxes so we localize the tons of DNS queries related to mail.

3) We do a lot of our rejecting in PF, including Spamhaus, Cloudmark, check scripts for Phishing, Porn and Viruses, as well as our own list of Nefarious IP's culled from various sources. When traffic matches these originators, we send them to mail reject servers that send out a 550 message with the group name so we can find false positives more quickly.

4) Because 3 does have false positives, we have a whitelist that we can add to that will pass traffic to the mail servers before they match against any of the tables in 3.

5) We use POP before SMTP, so once we authenticate a user to send, their IP address is also added to an allow table.

6) The filter servers are load balanced to and from the mail servers so we can take them in and out of their pool for maintenance.

If you have a particular scenario you're thinking about I could help you with the rules to make it work.

Regards,

Mike
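
The health check described in the message above (connect to the required ports; if no connection is established, pull the server from the PF table and raise an alarm, with a separate path for maintenance pulls), sketched in Python as an added example. It is not Adhost's Perl code; the table name, the 192.0.2.x addresses, the three-failure threshold and the rule that the last pool member is never pulled are assumptions.

```python
"""TCP health check that decides which backends to pull from a PF table.

Added illustration. Table name, addresses and thresholds are assumptions.
"""
import socket
import subprocess
from dataclasses import dataclass, field

FAIL_THRESHOLD = 3     # consecutive failed probes before a backend is pulled
CONNECT_TIMEOUT = 2.0  # seconds


def port_open(host, port, timeout=CONNECT_TIMEOUT):
    """Return True if a TCP connection to host:port is established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass
class Pool:
    table: str      # PF table the redirect rule points at (hypothetical name)
    ports: tuple    # every listed port must accept a connection
    members: set    # addresses currently in the table
    drained: set = field(default_factory=set)      # pulled by the health check
    maintenance: set = field(default_factory=set)  # pulled by an operator
    fails: dict = field(default_factory=dict)
    alarms: list = field(default_factory=list)

    def pfctl(self, action, host):
        # pfctl -t <table> -T add|delete <address>
        return ["pfctl", "-t", self.table, "-T", action, host]

    def pull_for_maintenance(self, host):
        """Operator pull: check() will not put this host back."""
        self.members.discard(host)
        self.drained.discard(host)
        self.maintenance.add(host)
        return self.pfctl("delete", host)

    def check(self, probe=port_open):
        """Probe every backend once and return the pfctl commands to run."""
        cmds = []
        for host in sorted(self.members | self.drained):
            if all(probe(host, port) for port in self.ports):
                self.fails[host] = 0
                if host in self.drained:          # recovered: put it back
                    self.drained.remove(host)
                    self.members.add(host)
                    cmds.append(self.pfctl("add", host))
                continue
            self.fails[host] = self.fails.get(host, 0) + 1
            if host not in self.members or self.fails[host] < FAIL_THRESHOLD:
                continue
            if len(self.members) == 1:
                # An empty table would black-hole all traffic; alarm instead.
                self.alarms.append(f"{self.table}: {host} failing, last member, left in place")
                continue
            self.members.remove(host)
            self.drained.add(host)
            self.alarms.append(f"{self.table}: pulled {host}")
            cmds.append(self.pfctl("delete", host))
        return cmds


def apply(cmds, dry_run=True):
    """Run the pfctl commands (needs root on the PF box); dry-run by default."""
    for cmd in cmds:
        if dry_run:
            print("would run:", " ".join(cmd))
        else:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    # Constructed sample: 192.0.2.11 stops answering; no real probes are sent.
    dead = {"192.0.2.11"}
    pool = Pool("pop_servers", (110, 143), {"192.0.2.10", "192.0.2.11"})
    for _ in range(FAIL_THRESHOLD):
        apply(pool.check(probe=lambda host, port: host not in dead))
    print(pool.alarms)
```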
Re: New mail server setup
Michael K. Smith - Adhost wrote:

> > - can your PF load balancers 'sense' when one of the Postfix/Dovecot units are down, or is this a manual change in config to prevent any time-out conditions?
>
> Not natively. When we initially implemented this setup, ifstated wasn't up to snuff, so we wrote some PERL scripts that make connections to the required ports and, if no connection is established, pull the server from the table and send us an alarm. We also have scripts so that we can pull servers out when we're doing maintenance.

Ok. I've done the above in similar situations numerous times, so that works.

> > I like this load balancer idea. In my environment, it would be trivial to set up a couple of them, throw Quagga on them, and integrate them directly into our iBGP setup. On the other side, I could use VRRP or the like to ensure redundancy from front to back.
>
> We use two PF boxes and CARP with PFSync for failover, so no dynamic protocols are needed.

I'll have to review this further. I'm not overly familiar with CARP (ie I've never used it), nor PFSync.

My mentality for infrastructure gear (the balancers, not the servers) is always make each device connect to two different switches/routers, and try to make it dynamic in a way that it fits into our OSPF/iBGP design, so if necessary, we can move the entire thing to a different network segment, and not have to renumber.

I'm getting a mental picture how I can have load balancing failover with the two devices, and network resiliency by having each balancer connected to different network segments (between buildings over fibre if I want).

> > - do the Postfix/Dovecot servers communicate with each other, or are they simply stand-alone units that don't know/care that they have other peers helping with the workload?
>
> They are standalone. All of the user authentication is handled from a centralized database, so there are no local credentials stored on the server.

Perfect...do your auth/acct db's generally reside on the same storage mechanism that the data does, in order to keep 'email related stuff' altogether?

> > - are your filter servers in front of, or behind the load balancers (iow, is all of your inbound email passed through the balancers, and then filtered/processed/delivered in behind them)?
>
> They are behind the PF boxes. We have other hooks in PF that we use to block SPAM in PF, including Cloudmark and some custom stuff that looks for multiple mails to non-existent addresses. We also use the overload tables for abusive connections.

Ok. We have a Barracuda cluster hanging off of one of our Internet facing edge routers, that filters then passes what it allows back into the network, and to the servers. The only reason I don't aggregate all of the mail systems together, is so that I can filter the spam as soon as possible upon ingress to our network, instead of having it traverse the core.

> > - how do all of the pieces communicate with the NAS...NFS?
>
> Yes. Originally we used TCP but we found performance to be much better with UDP. NFSv3 by the way.

Ok.

[ snip ]

> If you have a particular scenario you're thinking about I could help you with the rules to make it work.

I do, and that would be fantastic! I'll draw up a diagram this afternoon of what I envision. Where I'll need a bit of advice will likely be in the details, as opposed to the design, especially if I migrate completely away from our existing mail platform(s).

Cheers!

Steve
Re: New mail server setup
Steve Bertrand wrote:

> I'm looking potentially to try a different mail server setup. I'm requesting honest feedback from experienced mail ops.
>
> My minimum requirements:
>
> - IPv6 for all protocols
> - SPF
> - IMAP|POP3 must support SSL
> - SMTP AUTH
> - submit on 587
> - MySQL backend for un/pw, vpopmail preferred, but not mandatory
> - Maildir storage preferred
> - easy (ie: well documented) integration with SA/clam
> - integration with maildrop .mailfilter preferred
>
> Right now I use a system wrapped around Qmail, and honestly, I just don't want to patch for IPv6 anymore. I've broken my personal system, so while I work on re-hacking everything, I thought I'd solicit some new ideas.
>
> I've been using the same email system pretty much across the board for seven years or so, so perhaps I should look at other options.
>
> Please cc me, as this addr isn't subscribed. I won't be receiving my list email from my backup mx until tomorrow, as it were ;)

For an MTA: postfix does everything you want, it's not too shabby speed wise and the config files are reasonably comprehensible.

For an IMAP/POP3 server: dovecot has the required functionality and unless you're dealing with thousands of user accounts it's probably a better alternative for you than the nuclear option of cyrus-imapd.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: New mail server setup
Matthew Seaman wrote:

> Steve Bertrand wrote:
>
> > My minimum requirements:
> >
> > - IPv6 for all protocols
> > - SPF
> > - IMAP|POP3 must support SSL
> > - SMTP AUTH
> > - submit on 587
> > - MySQL backend for un/pw, vpopmail preferred, but not mandatory
> > - Maildir storage preferred
> > - easy (ie: well documented) integration with SA/clam
> > - integration with maildrop .mailfilter preferred
>
> For an MTA: postfix does everything you want, it's not too shabby speed wise and the config files are reasonably comprehensible.
>
> For an IMAP/POP3 server: dovecot has the required functionality and unless you're dealing with thousands of user accounts it's probably a better alternative for you than the nuclear option of cyrus-imapd.

Ok, I'm back up and rolling again.

Thanks Matthew, and the others who replied off-list for all of the feedback.

One thing that I forgot to ask in my original post was that of clustering.

In our production network, we have a cluster of perimeter MX's, and a similar setup for our submission boxes (it's been a couple of years since we've strictly enforced AUTH for all clients).

What I don't have, and have always wondered about, is live redundancy for the IMAP/POP services. I know that this would be a challenge to some degree considering the high volume of data changes.

Perhaps a carp(4) setup between a couple of MDA's, where when the primary is up, a constant rsync pushes the data to the backup. Or perhaps a combination of rsync for manual changes, and a method to have the primary write the emails to a local disk, and a network disk simultaneously?

If anyone has a setup that has redundancy for their IMAP/POP services, and a method to keep the changing data relatively up-to-date, I'd love to hear about it.

Cheers,

Steve
Re: New mail server setup
Steve Bertrand wrote:

> What I don't have, and have always wondered about, is live redundancy for the IMAP/POP services. I know that this would be a challenge to some degree considering the high volume of data changes.
>
> Perhaps a carp(4) setup between a couple of MDA's, where when the primary is up, a constant rsync pushes the data to the backup. Or perhaps a combination of rsync for manual changes, and a method to have the primary write the emails to a local disk, and a network disk simultaneously?
>
> If anyone has a setup that has redundancy for their IMAP/POP services, and a method to keep the changing data relatively up-to-date, I'd love to hear about it.

Now, that is a different kettle of fish. This is a job for cyrus imap. I suggest googling for 'cyrus murder' -- this is almost, but not quite, a fully resilient mail store / IMAP system.

Your mail store is divided into frontend IMAP protocol servers which handle user auth etc. and back-end mail stores. The protocol layer servers are fully resilient and you can fail over a user session at will, but the mailstores don't quite get there: mail is replicated across different stores, but actions modifying the mail store are not transactional across all the mail stores. Or in other words, you can lose a small amount of data if one of the mail stores goes bang at precisely the wrong moment. Even so, it will do better at keeping multiple copies of a mailstore in synch than any locally scripted rsync setup.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
Flat 3, 7 Priory Courtyard
Ramsgate, Kent, CT11 9PW, UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: New mail server setup
Matthew Seaman wrote:

> Steve Bertrand wrote:
>
> > If anyone has a setup that has redundancy for their IMAP/POP services, and a method to keep the changing data relatively up-to-date, I'd love to hear about it.
>
> Now, that is a different kettle of fish. This is a job for cyrus imap. I suggest googling for 'cyrus murder' -- this is almost, but not quite, a fully resilient mail store / IMAP system.
>
> Your mail store is divided into frontend IMAP protocol servers which handle user auth etc. and back-end mail stores. The protocol layer servers are fully resilient and you can fail over a user session at will, but the mailstores don't quite get there: mail is replicated across different stores, but actions modifying the mail store are not transactional across all the mail stores. Or in other words, you can lose a small amount of data if one of the mail stores goes bang at precisely the wrong moment. Even so, it will do better at keeping multiple copies of a mailstore in synch than any locally scripted rsync setup.

This is *EXACTLY* what I was looking for!

The possibility of losing an extremely small amount of data far outweighs the possibility of a multi-hour outage where 3,000 users are receiving "can't reach the POP3 server" errors.

Besides, our incoming SMTP gateway boxes cache all incoming email for 24 hours, and we can re-deliver any message to the back-end we wish during that window.

I really try my best to design/implement all the systems I can like our networks... multiple paths and extremely quick convergence. Being able to take a box down to test/perform an upgrade, or during a failure without client impact is well worth any initial large learning curve imho.

Thanks,

Steve
RE: New mail server setup
-----Original Message-----
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Steve Bertrand
Sent: Wednesday, September 16, 2009 7:09 AM
To: Matthew Seaman
Cc: questi...@freebsd.org
Subject: Re: New mail server setup

> Matthew Seaman wrote:
>
> > Steve Bertrand wrote:
> >
> > > If anyone has a setup that has redundancy for their IMAP/POP services, and a method to keep the changing data relatively up-to-date, I'd love to hear about it.
> >
> > Now, that is a different kettle of fish. This is a job for cyrus imap. I suggest googling for 'cyrus murder' -- this is almost, but not quite, a fully resilient mail store / IMAP system.
> >
> > Your mail store is divided into frontend IMAP protocol servers which handle user auth etc. and back-end mail stores. The protocol layer servers are fully resilient and you can fail over a user session at will, but the mailstores don't quite get there: mail is replicated across different stores, but actions modifying the mail store are not transactional across all the mail stores. Or in other words, you can lose a small amount of data if one of the mail stores goes bang at precisely the wrong moment. Even so, it will do better at keeping multiple copies of a mailstore in synch than any locally scripted rsync setup.
>
> This is *EXACTLY* what I was looking for!
>
> The possibility of losing an extremely small amount of data far outweighs the possibility of a multi-hour outage where 3,000 users are receiving "can't reach the POP3 server" errors.
>
> Besides, our incoming SMTP gateway boxes cache all incoming email for 24 hours, and we can re-deliver any message to the back-end we wish during that window.
>
> I really try my best to design/implement all the systems I can like our networks... multiple paths and extremely quick convergence. Being able to take a box down to test/perform an upgrade, or during a failure without client impact is well worth any initial large learning curve imho.
>
> Thanks,
>
> Steve

Hello Steve:

Another approach would be a cluster of Postfix servers and Dovecot servers behind PF load balancers. We have 3 POP servers (IMAP/POP), 9 Mail Servers, 2 Defer servers and 5 Filter servers that process over 20 million messages a day without a blip. We can take individual servers out of the pool for maintenance, etc. Everything is fed to a set of redundant NAS for the data storage and common configuration files.

Regards,

Mike

--
Michael K. Smith - CISSP, GISP
Chief Technical Officer - Adhost Internet LLC
mksm...@adhost.com
w: +1 (206) 404-9500
f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9 84BB E61E 38C0 (Key ID: 0x9A96777D)
New mail server setup
I'm looking potentially to try a different mail server setup. I'm requesting honest feedback from experienced mail ops.

My minimum requirements:

- IPv6 for all protocols
- SPF
- IMAP|POP3 must support SSL
- SMTP AUTH
- submit on 587
- MySQL backend for un/pw, vpopmail preferred, but not mandatory
- Maildir storage preferred
- easy (ie: well documented) integration with SA/clam
- integration with maildrop .mailfilter preferred

Right now I use a system wrapped around Qmail, and honestly, I just don't want to patch for IPv6 anymore. I've broken my personal system, so while I work on re-hacking everything, I thought I'd solicit some new ideas.

I've been using the same email system pretty much across the board for seven years or so, so perhaps I should look at other options.

Please cc me, as this addr isn't subscribed. I won't be receiving my list email from my backup mx until tomorrow, as it were ;)

Steve
Server setup
I am setting up a new server and have a question.

This server has three 8GB SCSIs, and one 160 GB IDE. I was interested in striping the SCSIs, which I have done. After installing FreeBSD 7 on the IDE, I set up the stripe and moved /var over to it.

So, my first question would be whether I should put /var on the stripe or /usr ?

My next question might be whether it was even worth striping the SCSI's and just installing, say, /var/log to one drive, /usr/home to another, etc.

Final question, assuming I go ahead with putting /var on the SCSI's, how do I now recover the partition that was being used by /var? There's about 3 Gb on there. Perhaps I could just mount it as /usr/ports? or should I choose a different approach?

Thanks for any input.

OH! BTW. This is going to be a backup server using BackupPC, so I will be installing an additional IDE later.
Re: need help debugging port mapping/server setup
Thanks to Doug and help from others..problem solved...

With the help of tcpdump, I learned that packets from ssh were arriving at the host, however the port was being blocked by the local firewall which I configured to open. The packet forwarding from the router was working all the time.

On Sun, Aug 10, 2008 at 4:06 PM, Kevin Smith [EMAIL PROTECTED] wrote:

> I have my freebsd system configured with a static IP behind an Apple Airport Extreme router using ethernet connection rather than wireless. I am trying to set up dynamic dns (with dyndns.com service) and I would like to open port 80 and others so that I can use my freebsd system as a web server.
>
> My freebsd system is set up with ddclient to associate dynamic ip address of router (I have DHCP connection to my ISP, the local connection to my freebsd system is static ip address). Everything appears to be working and I am able to try to telnet the dyndns hostname and it returns the correct address of my router, but it does not appear that the router is forwarding the port request to the freebsd system. The port tools on the website for dyndns.com return that the ports I am testing are closed. (80, 21, 23)
>
> How do I debug this ? The AE router has a syslog that I have set for the highest level of debugging, but I do not see any port mapping requests in the. The router is set of for NAT enabled and I have entered the static IP address of my freebsd system associated with the desired ports that I want. A call to my ISP confirmed (at least they told me) that they do not block any ports.
>
> Any ideas on where to start ?
>
> Thanks!
need help debugging port mapping/server setup
I have my freebsd system configured with a static IP behind an Apple Airport Extreme router using ethernet connection rather than wireless. I am trying to set up dynamic dns (with dyndns.com service) and I would like to open port 80 and others so that I can use my freebsd system as a web server.

My freebsd system is set up with ddclient to associate dynamic ip address of router (I have DHCP connection to my ISP, the local connection to my freebsd system is static ip address). Everything appears to be working and I am able to try to telnet the dyndns hostname and it returns the correct address of my router, but it does not appear that the router is forwarding the port request to the freebsd system. The port tools on the website for dyndns.com return that the ports I am testing are closed. (80, 21, 23)

How do I debug this ? The AE router has a syslog that I have set for the highest level of debugging, but I do not see any port mapping requests in the. The router is set of for NAT enabled and I have entered the static IP address of my freebsd system associated with the desired ports that I want. A call to my ISP confirmed (at least they told me) that they do not block any ports.

Any ideas on where to start ?

Thanks!
RE: mail server setup questions
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of DAve
Sent: Thursday, September 06, 2007 10:29 AM
To: freebsd-questions@freebsd.org
Subject: Re: mail server setup questions

> Don't wonder if qmail has flaws, go to CERT.org and search first for Sendmail, then Postfix, then Exim, then qmail. To say "Anyone who even thinks that a piece of software that is 6 years old has no flaws had best re-think this.", is simply FUD.

He said no flaws, cert.org and friends only track security flaws, not other kinds of flaws.

And cert.org and friends are only as good as the reports submitted to them. I would offer the suggestion that if every mail admin out there using qmail was not a mail expert, that it is unlikely that security flaws would be noticed or reported.

In the last analysis, the absence of a particular piece of software from a security notification list is NOT proof that the software has no security flaws. You cannot prove a negative in this case.

Ted

PS I routinely use 6 year old software myself.
Re: mail server setup questions
Thanks a lot for all your suggestions! I will probably still start from exim but at least I know now that the choice is not that critical, especially for a small home server.

Thanks again,

Andrey
Re: mail server setup questions - OT answer
On Thu, Sep 06, 2007 at 20:40 , [EMAIL PROTECTED] exclaimed Las Cucarachas entran, Pero no pueden salir, and then rambled on saying with:

> Date: Thu, 06 Sep 2007 13:28:59 -0400
> From: DAve [EMAIL PROTECTED]
> Subject: Re: mail server setup questions
> To: freebsd-questions@freebsd.org
>
> Bill Vermillion wrote:

[much deleted to make just one OT comment - wjv]

Dave said:

> We use Sendmail on our gateways for its excellent milter support and versatile configuration. It has more knobs than a recording studio.

Before I became self-employed in the computer arena I was a recording engineer. The Sphere Eclipse C [that I had a lot of input on the layout] had over 3000 knobs/switches on its 12-foot width. [weight just under 2000 pounds]

And the front panel alignment adjustments on my Studer A-800 24-track totalled about 800. The vast majority were used only for initial setups.

Of course with all the options under Sendmail I suspect that you could get close to that number.

Bill

--
Bill Vermillion - bv @ wjv . com
RE: mail server setup questions
-----Original Message-----
From: Jim Stapleton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 05, 2007 2:04 PM
To: Ted Mittelstaedt
Cc: Nikola Lecic; Russell E. Meek; freebsd-questions@freebsd.org
Subject: Re: mail server setup questions

> > I would submit you think you do. For example, are you planning on putting a webmail interface on the server? A lot of people do. Well if you do and you put a scrap of CGI on there that has a hole in it a spammer can come along and cause that to relay mail from incoming http right into your mail queue. He doesn't need root access to do this.
>
> I have never stated interest in putting web mail up in my to-do list, and in fact, have explicitly stated at least once, I've no intention of doing that. To be blunt, I don't trust it. I only use it for things on which I don't care about the security (ex. reading mailing lists). I care about the security of my server.

The usual procedure if you want to make webmail secure is to field the webmail server on a separate box. (that is what we do) Just about all webmail interfaces I've tried use IMAP or POP3 to communicate with the mailserver, in fact, very few can read the mailboxes directly.

There are other reasons you might want to run a webinterface on the mailserver, however.

Ted
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Crist Sent: Wednesday, September 05, 2007 1:21 PM To: Andrey Shuvikov Cc: freebsd-questions@freebsd.org Subject: Re: mail server setup questions On Sep 5, 2007, at 2:05 PM, Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Andrey, I can't speak of exim or qmail, but I had used sendmail for nearly 10 years before switching to postfix. I switched for support of virtual mail boxes, and better support for IMAP. Just a quick nit to pick here - delivering to virtual mailboxes is the job of the local delivery agent, not Sendmail. Many people have written scripts that deliver mail to mySQL databases, etc. to support virtual mailboxes, that work with Sendmail just fine. The IMAP server also has nothing whatsoever to do with sendmail, or any mail transfer agent for that matter. By definition, it's a completely separate server. Ted
RE: mail server setup questions
-Original Message- From: Nikola Lecic [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 05, 2007 8:20 AM To: Ted Mittelstaedt Cc: Russell E. Meek; Jim Stapleton; freebsd-questions@freebsd.org Subject: Re: mail server setup questions On Wed, 5 Sep 2007 01:22:12 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. Congratulations. Thanks! Much appreciated! Ted
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nikola Lecic Sent: Wednesday, September 05, 2007 11:13 AM To: Jerry McAllister Cc: Eray Aslan; freebsd-questions@freebsd.org; Ted Mittelstaedt Subject: Re: mail server setup questions I'm very disappointed that more official people on this list didn't say something like Ted, please respect our users from all countries, including those two countries you have mentioned Perhaps the silence might give you pause to consider? Very likely no one else considers themselves offended. Very likely that is because it was obvious to everyone else that no offense was ever intended. Very likely because everyone else also assumed that the idea of permitting non-nuclear states to buy nuclear warheads was universally regarded as a bad idea, and thus grasped the mailserver comparison instantly. Very likely because nobody understands what the problem is in the first place. That would include me, by the way. Ted
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Sent: Wednesday, September 05, 2007 12:12 PM To: Andrey Shuvikov Cc: freebsd-questions@freebsd.org Subject: Re: mail server setup questions Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Exim is a capable mailer as is postfix. I think it's mostly a matter of preference but I haven't delved into Exim too much. Personally I run Postfix and Dovecot for my mail server setup. Roundcube does a nice job in providing a front end on the web for Dovecot. Roundcube has an interesting Macalike interface (Mac users love it) but it has its problems. For one thing it doesn't display properly on many web browsers. Unfortunately, with webmail interfaces, you have to pick the problems you want to deal with, none of them are without warts. Ted
Re: mail server setup questions
On Thu, Sep 06, 2007 at 11:37:11AM +1000, Norberto Meijome wrote: On Wed, 5 Sep 2007 16:52:56 -0400 Bob Johnson [EMAIL PROTECTED] wrote: In case I haven't made myself clear, I despise Qmail with a passion. I suppose it is suitable for people who like puzzles (as in What patches do I need to make this do something useful? or What third-party tool do I need to make sense out of these awful log files?) and who don't mind inflicting lots of unnecessary secondary spam on the rest of the world. Yes, I know there are _supposed_ to be patches that fix that problem, but (a) the one I've seen in action doesn't work very well, and (b) you shouldn't need to apply third-party patches to your mail server to make it do what it is supposed to do in the first place. I second all these points. I think it's probably better to use sendmail than qmail. Sendmail at least supports most (all?) SMTP / antispam related features, it is well documented , and configurable to the extreme (with the caveat that its configuration may be a bit daunting to the un-initiated :D). I just realised that qmail appears over and over in Linux distros, or at least on linux servers i've had to suffer... not sure the relationship there (in design / philosophy...)... and I am really NOT wanting to start a flame war. Just a thought that crossed my mind as I was reading this thread. I haven't seen enough production FreeBSD systems set up by others to have any impressions about whether Linux admins are more likely to use Qmail than FreeBSD admins. I do get the impression, however, that the Linux admins who choose Qmail tend to do so for much the same reason that MS Windows admins choose Exchange: they think it's easier, that setting it up is just a plug-and-play, point-and-click sort of exercise. 
The fact that it's sending and receiving emails within a couple hours (starting from a clean box) seems to be the sum total of their metric for ease of setup, and all the hassle and annoyance that follows doesn't even enter into it. Just as MS Exchange basically requires its own admin, but nobody cares for purposes of judging how easy it is as long as the thing is minimally running within a couple hours, Qmail is an invitation for disaster -- but nobody cares as long as they can judge it by its security and stability statistics in a default (if essentially useless) configuration, and as long as they can configure it via some kind of point-and-click web interface. That's my experience, anyway. If Qmail is more common among Linux admins, I tend to guess Webmin probably is as well. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] McCloctnick the Lucid: The first rule of magic is simple. Don't waste your time waving your hands and hopping when a rock or a club will do.
Re: mail server setup questions
On Thu, Sep 06, 2007 at 05:23:13AM -0700, Ted Mittelstaedt wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nikola Lecic Sent: Wednesday, September 05, 2007 11:13 AM To: Jerry McAllister Cc: Eray Aslan; freebsd-questions@freebsd.org; Ted Mittelstaedt Subject: Re: mail server setup questions I'm very disappointed that more official people on this list didn't say something like Ted, please respect our users from all countries, including those two countries you have mentioned Perhaps the silence might give you pause to consider? Very likely no one else considers themselves offended. Very likely that is because it was obvious to everyone else that no offense was ever intended. Very likely because everyone else also assumed that the idea of permitting non-nuclear states to buy nuclear warheads was universally regarded as a bad idea, and thus grasped the mailserver comparison instantly. Very likely because nobody understands what the problem is in the first place. That would include me, by the way. . . . or maybe it's because this line of discussion looks ridiculous from both sides. Seriously. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] W. Somerset Maugham: The ability to quote is a serviceable substitute for wit.
Re: mail server setup questions
On 9/5/07, Chad Perrin [EMAIL PROTECTED] wrote: On Thu, Sep 06, 2007 at 11:37:11AM +1000, Norberto Meijome wrote: On Wed, 5 Sep 2007 16:52:56 -0400 Bob Johnson [EMAIL PROTECTED] wrote: In case I haven't made myself clear, I despise Qmail with a passion. [...] I just realised that qmail appears over and over in Linux distros, or at least on linux servers i've had to suffer... not sure the relationship there (in design / philosophy...)... and I am really NOT wanting to start a flame war. Just a thought that crossed my mind as I was reading this thread. About five or seven years ago when sendmail was having a lot of security problems and people were looking for alternatives, qmail was reasonably well established and was widely recommended. So a lot of people switched to it (including the place where I now work), including several Linux distros. We were never very happy with it here, and I suspect that the reason it has such a following in the Linux world is either that they have never used an alternative (same reason Windows has so many fans), or to abandon it and move to something else would cause a sort of cognitive dissonance that prevents it from happening. I haven't seen enough production FreeBSD systems set up by others to have any impressions about whether Linux admins are more likely to use Qmail than FreeBSD admins. I do get the impression, however, that the Linux admins who choose Qmail tend to do so for much the same reason that MS Windows admins choose Exchange: they think it's easier, that setting it up is just a plug-and-play, point-and-click sort of exercise. The fact that it's sending and receiving emails within a couple hours (starting from a clean box) seems to be the sum total of their metric for ease of setup, and all the hassle and annoyance that follows doesn't even enter into it. For those people I recommend Courier. It was designed to be a drop-in replacement for Qmail, but without most of the flaws. 
The configuration files, for instance, are mostly the same. The biggest problem I've had when configuring Courier is that it tends to be overly determined to enforce RFC compliance and thus will not be friendly toward a lot of mail from various MS products. Find the configuration flag that turns off that behavior or users will complain about the results. The author makes a reasonable case for the default behavior (to do otherwise forces Courier to be non-compliant itself), but in the real world you have to be able to accept mail from MS products. I have used Courier at my previous job (about 200 users) and at home and I have no significant complaints. If you just need a basic server that will handle your personal email without requiring you to learn what amounts to a new programming language (as with Exim and a few others), it's a good choice. The full distribution includes a POP/IMAP server and a webmail system. Just be sure not to skip the README file, and follow the instructions for testing your installation step-by-step. I have NOT tried to set up intensive anti-spam measures on Courier, so I don't know what problems may be in store there, but I'm sure there is info at http://www.courier-mta.org I'm not really as evangelistic for Courier as I sound. As long as you stay away from Qmail you will probably be happy with whatever you use. I do recommend that you use something that supports Maildir style mailboxes, though. - Bob
Re: mail server setup questions
In the last exciting episode of the [EMAIL PROTECTED] saga on Thu, Sep 06, 2007 at 06:27, [EMAIL PROTECTED] was heard to say: Date: Thu, 6 Sep 2007 11:37:11 +1000 From: Norberto Meijome [EMAIL PROTECTED] Subject: Re: mail server setup questions To: Bob Johnson [EMAIL PROTECTED] Cc: Andrey Shuvikov [EMAIL PROTECTED], freebsd-questions@freebsd.org On Wed, 5 Sep 2007 16:52:56 -0400 Bob Johnson [EMAIL PROTECTED] wrote: In case I haven't made myself clear, I despise Qmail with a passion. I suppose it is suitable for people who like puzzles (as in What patches do I need to make this do something useful? or What third-party tool do I need to make sense out of these awful log files?) and who don't mind inflicting lots of unnecessary secondary spam on the rest of the world. Yes, I know there are _supposed_ to be patches that fix that problem, but (a) the one I've seen in action doesn't work very well, and (b) you shouldn't need to apply third-party patches to your mail server to make it do what it is supposed to do in the first place. I second all these points. I think it's probably better to use sendmail than qmail. Sendmail at least supports most (all?) SMTP / antispam related features, it is well documented, and configurable to the extreme (with the caveat that its configuration may be a bit daunting to the un-initiated :D). I just realised that qmail appears over and over in Linux distros, or at least on linux servers i've had to suffer... not sure the relationship there (in design / philosophy...)... and I am really NOT wanting to start a flame war. Just a thought that crossed my mind as I was reading this thread. Best, B I've been using sendmail for years, once it got stable, and I moved from Smail. This was on a SysV.3 from Esix. However one day I decided to see what all the hoopla over qmail was about. So I went into the ports and ran make. Much to my surprise, qmail installed 6 separate accounts in the password file. This was just with a make and NOT make install. 
That at the very least is very rude behaviour. And another problem with qmail from what I've read is that if you send mail to several people on the same server, instead of doing what all other MTA's do - and send ONE mail with all addresses, qmail will generate a separate email for each user - putting un-needed loads on your server and the recipient's machine. And the last time the qmail tar file that you get when you run make has been changed was March 4, 2001. Anyone who even thinks that a piece of software that is 6 years old has no flaws had best re-think this. The last patches were in 2003. ISTR that I heard DJB speak at a Usenix conference many years ago and I was less than impressed with his I'm better than any of you attitude. Many seem to share that feeling - so consider me prejudiced. Bill -- Bill Vermillion - bv @ wjv . com
Re: mail server setup questions
Bill Vermillion wrote: In the last exciting episode of the [EMAIL PROTECTED] saga on Thu, Sep 06, 2007 at 06:27, [EMAIL PROTECTED] was heard to say: Date: Thu, 6 Sep 2007 11:37:11 +1000 From: Norberto Meijome [EMAIL PROTECTED] Subject: Re: mail server setup questions To: Bob Johnson [EMAIL PROTECTED] Cc: Andrey Shuvikov [EMAIL PROTECTED], freebsd-questions@freebsd.org On Wed, 5 Sep 2007 16:52:56 -0400 Bob Johnson [EMAIL PROTECTED] wrote: In case I haven't made myself clear, I despise Qmail with a passion. I suppose it is suitable for people who like puzzles (as in What patches do I need to make this do something useful? or What third-party tool do I need to make sense out of these awful log files?) and who don't mind inflicting lots of unnecessary secondary spam on the rest of the world. Yes, I know there are _supposed_ to be patches that fix that problem, but (a) the one I've seen in action doesn't work very well, and (b) you shouldn't need to apply third-party patches to your mail server to make it do what it is supposed to do in the first place. I second all these points. I think it's probably better to use sendmail than qmail. Sendmail at least supports most (all?) SMTP / antispam related features, it is well documented, and configurable to the extreme (with the caveat that its configuration may be a bit daunting to the un-initiated :D). I just realised that qmail appears over and over in Linux distros, or at least on linux servers i've had to suffer... not sure the relationship there (in design / philosophy...)... and I am really NOT wanting to start a flame war. Just a thought that crossed my mind as I was reading this thread. Best, B I've been using sendmail for years, once it got stable, and I moved from Smail. This was on a SysV.3 from Esix. However one day I decided to see what all the hoopla over qmail was about. So I went into the ports and ran make. Much to my surprise, qmail installed 6 separate accounts in the password file. 
This was just with a make and NOT make install. That at the very least is very rude behaviour. And another problem with qmail from what I've read is that if you send mail to several people on the same server, instead of doing what all other MTA's do - and send ONE mail with all addresses, qmail will generate a separate email for each user - putting un-needed loads on your server and the recipient's machine. And the last time the qmail tar file that you get when you run make has been changed was March 4, 2001. Anyone who even thinks that a piece of software that is 6 years old has no flaws had best re-think this. The last patches were in 2003. Don't wonder if qmail has flaws, go to CERT.org and search first for Sendmail, then Postfix, then Exim, then qmail. To say Anyone who even thinks that a piece of software that is 6 years old has no flaws had best re-think this., is simply FUD. ISTR that I heard DJB speak at a Usenix conference many years ago and I was less than impressed with his I'm better than any of you attitude. Many seem to share that feeling - so consider me prejudiced. We have run qmail for several years on FreeBSD quite well with few problems, none of which were related to the software, its design, its configuration, always it was Clam or SpamAssassin binding things up. It is stable, fast, secure, and provides abilities other MTAs do not. It is our first choice for a toaster or a mail list server. We use Sendmail on our gateways for its excellent milter support and versatile configuration. It has more knobs than a recording studio. If we had a client with just a few domains and the need for their own MTA, we would install Postfix for its ease of use. It's rock solid and easy to remember when you come back to it six months later. If your only tool is a hammer, every problem looks like a nail DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. 
Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Russell E. Meek Sent: Tuesday, September 04, 2007 5:20 PM To: Jim Stapleton Cc: freebsd-questions@freebsd.org Subject: Re: mail server setup questions Quoting Jim Stapleton [EMAIL PROTECTED]: I need a mail server to take incoming mail, and provide a pop3 (or better yet, SSLed POP3) connection. I've tried akpop3d and qmail, but have had less than brilliant success getting them functional. Could you all suggest to me what you use and a good web site for configuring it as it would be done in FreeBSD? Please cc me, as I have the list subscribed in digest mode. Thanks, -Jim Stapleton http://www.tnpi.biz/internet/mail/toaster/ Perfection - and qmail based also. No, this isn't perfection. Jim (and Russell) let me point out one thing about solutions like this. Something like this is designed for people who don't know how to build a mailserver, to download some files, pull the trigger, and Blammo - instant mailserver. In short, a big black box that works as a mailserver. The problem is, however, that the only guy that really and truly knows how everything works in that black box is the guy that wrote the black box - the author of toaster, himself. You, being the clueless admin who pulled the trigger, are not going to be instantly converted into a knowledgeable mail server admin by pulling the trigger. You are just going to be a clueless admin who now has a big powerful black box that can go kill people, just as easily as explode in his face. Kind of like the country of Iraq buying a nuclear device - they don't know what they have, don't know how to build it, and are not qualified at all to use it. 
If something in that black box goes kablooie - which sooner or later it will, since all mail systems have problems - you are going to be screwed over. If you have a small home mailserver with a couple of friends on it, a system like Toaster can be a real help - IF you install it, then spend months picking it apart, to learn how to not be a clueless admin. However if you install it then spend the next 3 months watching reruns of Lost, then assume you now know all there is to know about a mailserver, you are then a stupid fool. Or, if you're an admin with a big string of mailservers already under your belt who is looking for interesting code bits he can steal to incorporate into his own mailservers, then Toaster is also of value. But if you're just a guy looking for a quick gun to shoot a problem so he can go on to the next thing, then you're just going to screw yourself with something like Toaster. You would be much better advised to build the mailserver from scratch. Sure, your mailserver won't have all the pretty graphs and admin interfaces that something like Toaster has. But, you will know how it works and the day you get a phone call and 400 users now can't get mail, you will know how to fix it. Ted
Re: mail server setup questions
On Tue, 4 Sep 2007 23:21:47 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: [...] Kind of like the country of Iraq buying a nuclear device - they don't know what they have, don't know how to build it, and are not qualified at all to use it. [...] Please save us from these words of wisdom. Your opinions about them and about competence and collective knowledge of world states are off-topic here. Such arrogancy and ignorance are very miserable. Nikola Lečić
Re: mail server setup questions
On Tue, 4 Sep 2007 18:03:20 -0400 Jim Stapleton [EMAIL PROTECTED] wrote: I need a mail server to take incoming mail, and provide a pop3 (or better yet, SSLed POP3) connection. Jim, - incoming email + delivery: postfix. Really well documented. Haven't found a feature not implemented. As secure as you configure it (unlike qmail which implements a lot of security by axing features, so u need to add dubious hacks...) - dovecot: POP + IMAP, works quite well with ssl too - webmail: i use roundcube, but there are plenty of options. All u need is something that talks IMAP to your imap server - amavis-new as glue for Spam assassin / other spam tagging system + clamav. B _ {Beto|Norberto|Numard} Meijome Sysadmins can't be sued for malpractice, but surgeons don't have to deal with patients who install new versions of their own innards. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nikola Lecic Sent: Tuesday, September 04, 2007 11:41 PM To: Ted Mittelstaedt Cc: Russell E. Meek; Jim Stapleton; freebsd-questions@freebsd.org Subject: Re: mail server setup questions On Tue, 4 Sep 2007 23:21:47 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: [...] Kind of like the country of Iraq buying a nuclear device - they don't know what they have, don't know how to build it, and are not qualified at all to use it. [...] Please save us from these words of wisdom. Your opinions about them and about competence and collective knowledge of world states are off-topic here. Such arrogancy and ignorance are very miserable. Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. In any case, please rest assured I was not talking about nuclear weapons or Iraq, merely incompetent admins running mailservers that were beyond their capabilities. It was merely a metaphor. I would encourage you to get beyond your instinctual knee-jerk reaction against the metaphor, as it is a widely used language device in virtually all languages and cultures in use by mankind today. No serious person would ever argue for the proposition that a non-nuclear country be allowed to purchase nuclear weapons, much less use them. As, no serious person should ever argue for clueless admins to run mailservers that they know nothing about. Never forget when you or anyone sets up a mailserver on the Internet you are putting a server online that can be used to cause a tremendous amount of damage to other mailservers on the Internet. It is a responsibility that should never be taken lightly. 
Far too many Windoze admins do this already. We as FreeBSD users do not need to emulate such disgusting behavior. Jim posted here asking for help, using words and language that give serious doubt that he is competent to run a mailserver of any kind. It would be irresponsible in the extreme to tell him to run pell-mell into fielding a system that is way beyond his capabilities. His goal should be to gain competence as well as a mailserver, lest he cause serious problems on the Internet. We do NOT need one more misconfigured server on the Internet that is a spam or virus source. The best way for him to do this - and be a responsible network admin - is to start small, with individual pieces, and learn each subsystem. The worst way would be to drop a canned package in that he doesn't understand. It is to the list's credit that the vast majority of responses to Jim were to direct him to the individual packages - NOT to a toaster approach that would likely teach him nothing. Hopefully next time you will stick to addressing the topic of the responses and not get hung up on attacking an alliteration or some other language device that someone might use. Ted
Re: mail server setup questions
On 05.09.2007 11:22, Ted Mittelstaedt wrote: [...] Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. This is clearly off topic on a technical list. [...] Hopefully next time you will stick to addressing the topic Good advice. I am sure you could have written your response without mentioning nuclear weapons, Iraq et al. -- Eray of the responses and not get hung up on attacking an alliteration or some other language device that someone might use. Ted
Re: mail server setup questions
On 05.09.2007 11:22, Ted Mittelstaedt wrote: [...] Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. I thought we were discussing the configuration of the mail server not your hatred toward us Serbs, Iraqis and God knows whom else. But then on the second thought maybe you are trying to teach us how to configure the spam filter. So how high should we set it? Only Serbs from Serbia can not send emails or even we Serbs who live in U. S? Are you coding now MailScanner-antiSerb version or MailScanner-antiIraqi version? [...] Hopefully next time you will stick to addressing the topic. We Serbs are certainly hoping for that! Sincerely, Predrag Punosevac Arizona
Re: mail server setup questions
Please, I didn't intend this to be a flame war - though thinking back, I guess I should have expected strong views on this. This is not the place for such aggressiveness. The rest of this is for everyone Thank all of you for your suggestions, I'll look at them. This is a mail server for me and maybe a few friends. I plan on running incoming SMTP, maybe at some point outgoing (requiring authentication/SSL, definitely no relay), no relay, no webmail, POP, if possible only under SSL. I think there's enough here for me to do my research and get what I need. Thank you, -Jim Stapleton On 9/5/07, Ted Mittelstaedt [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nikola Lecic Sent: Tuesday, September 04, 2007 11:41 PM To: Ted Mittelstaedt Cc: Russell E. Meek; Jim Stapleton; freebsd-questions@freebsd.org Subject: Re: mail server setup questions On Tue, 4 Sep 2007 23:21:47 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: [...] Kind of like the country of Iraq buying a nuclear device - they don't know what they have, don't know how to build it, and are not qualified at all to use it. [...] Please save us from these words of wisdom. Your opinions about them and about competence and collective knowledge of world states are off-topic here. Such arrogancy and ignorance are very miserable. Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. In any case, please rest assured I was not talking about nuclear weapons or Iraq, merely incompetent admins running mailservers that were beyond their capabilities. It was merely a metaphor. 
I would encourage you to get beyond your instinctual knee-jerk reaction against the metaphor, as it is widely used language device in virtually all languages and cultures in use by mankind today. No serious person would ever argue for the proposition that a non-nuclear country be allowed to purchase nuclear weapons, much less use them. As, no serious person should ever argue for clueless admins to run mailservers that they know nothing about. Never forget when you or anyone sets up a mailserver on the Internet you are putting a server online that can be used to cause a tremendous amount of damage to other mailservers on the Internet. It is a responsibility that should never be taken lightly. Far too many Windoze admins do this already. We as FreeBSD users do not need to emulate such disgusting behavior. Jim posted here asking for help, using words and language that gives serious doubt that he is competent to run a mailserver of any kind. It would be irresponsible in the extreme to tell him to run pell-mell into fielding a system that is way beyond his capabilities. His goal should be to gain competence as well as a mailserver, lest he cause serious problems on the Internet. We do NOT need one more misconfigured server on the Internet that is a spam or virus source. The best way for him to do this - and be a responsible network admin - is to start small, with individual pieces, and learn each subsystem. The worst way would be to drop a canned package in that he doesen't understand. It is to the list's credit that the vast majority of responses to Jim were to direct him to the individual packages - NOT to a toaster approach that would likely teach him nothing. Hopefully next time you will stick to addressing the topic of the responses and not get hung up on attacking an alliteration or some other language device that someone might use. 
Ted ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: mail server setup questions
Jim posted here asking for help, using words and language that gives serious doubt that he is competent to run a mailserver of any kind. Knowledgeable and competent are two different things. If I were not competent, I would not bother attempting to get that knowledge that I lack. I don't know the nitty gritty details about exactly what and how mail servers are encrypted. I don't know all the nitty gritty details about how everything talks and intercommunicates. I do know that any time a password goes over the internet (not just LAN) it needs to be encrypted as securely as possible. I do know that mail (and other) servers should live in jails. I do know not to run an open relay (take email from any server to deliver to any server, without authentication, and plan to achieve this by only allowing incoming mail). I do know that there is no such thing as too much paranoia when setting up a server. I know to find out and learn what I don't know, rather than to just stumble along blindly. There, that about covers everything that I do/don't know. -Jim Stapleton
Re: mail server setup questions
Predrag Punosevac wrote: On 05.09.2007 11:22, Ted Mittelstaedt wrote: [...] Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. I thought we were discussing the configuration of the mail server not your hatred toward us Serbs, Iraqis and God knows whom else. But then on the second thought maybe you are trying to teach us how to configure the spam filter. So how high should we set it? Only Serbs from Serbia can not send emails or even we Serbs who live in U.S.? Are you coding now MailScanner-antiSerb version or MailScanner-antiIraqi version? [...] Hopefully next time you will stick to addressing the topic. We Serbs are certainly hoping for that! Sincerely, Predrag Punosevac Arizona
Re: mail server setup questions
On Wednesday 05 September 2007 12:34:45 Jim Stapleton wrote: Thank all of you for your suggestions, I'll look at them. This is a mail server for me and maybe a few friends. I plan on running incoming SMTP, maybe at some point outgoing (requiring authentication/SSL, definitely no relay), no relay, no webmail, POP, if possible only under SSL. I think there's enough here for me to do my research and get what I need. Thank you, Don't rule out good old mail/qpopper just yet. Also, be aware that whichever solution you choose, there are scanners out there that won't hesitate to query port 110 with an account guesser, which can spawn many daemons depending on how fast your pop server handles it. You may wanna limit access to port 110 to you and your friends if that's possible or look into a pop server that can limit amount of requests/second it accepts from host. -- Mel People using reply to all on lists, must think I need 2 copies.
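The account guessing Mel describes can be spotted from the POP3 server's authentication log. The sketch below is an added example, not part of the original thread or of any POP3 daemon: the log layout, the thresholds and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not the output of a real POP3 daemon). The
# "<time> <event> user=<name> rip=<address>" layout is an assumption.
SAMPLE_LOG = """\
2007-09-05T12:00:01 login-failed user=admin rip=203.0.113.7
2007-09-05T12:00:02 login-failed user=root rip=203.0.113.7
2007-09-05T12:00:02 login-failed user=test rip=203.0.113.7
2007-09-05T12:00:03 login-failed user=info rip=203.0.113.7
2007-09-05T12:00:04 login-failed user=jim rip=203.0.113.7
2007-09-05T12:00:05 login-ok user=jim rip=198.51.100.20
2007-09-05T12:03:10 login-failed user=mel rip=198.51.100.21
2007-09-05T12:09:40 login-failed user=mel rip=198.51.100.21
2007-09-05T12:09:55 login-ok user=mel rip=198.51.100.21
this line is garbage and must be skipped
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>login-failed|login-ok) "
    r"user=(?P<user>\S+) rip=(?P<rip>\S+)$"
)


def parse(line):
    """Return (timestamp, event, user, remote_ip) or None for unusable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return ts, m["event"], m["user"], m["rip"]


def find_guessers(lines, window_s=60, max_failures=4, max_users=3):
    """Flag hosts that look like account guessers.

    A host is flagged when, inside one sliding window of window_s seconds,
    it has more than max_failures failed logins (the requests/second limit
    from the message above) or fails against more than max_users different
    account names (guessing accounts, not mistyping one password).
    Lines are assumed to be in time order, as in a log file.
    Returns {host: (failures, distinct_users)} as seen when first flagged.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # host -> (timestamp, user) failures in window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, event, user, rip = rec
        if event != "login-failed":
            continue
        q = recent[rip]
        q.append((ts, user))
        # Drop failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u in q}
        if len(q) > max_failures or len(users) > max_users:
            flagged.setdefault(rip, (len(q), len(users)))
    return flagged


if __name__ == "__main__":
    for host, (failures, users) in find_guessers(SAMPLE_LOG).items():
        print(f"{host}: {failures} failures against {users} accounts")
```

The flagged hosts are candidates for a firewall block on port 110; the friend at 198.51.100.21 who mistypes a password twice, minutes apart, is not flagged.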
Re: mail server setup questions
On Wed, Sep 05, 2007 at 03:14:37AM -0700, Predrag Punosevac wrote: I thought we were discussing the configuration of the mail server not your hatred toward us Serbs, Iraqis and God knows whom else. But then on the second thought maybe you are trying to teach us how to configure the spam filter. So how high should we set it? Only Serbs from Serbia can not send emails or even we Serbs who live in U.S.? Are you coding now MailScanner-antiSerb version or MailScanner-antiIraqi version? This discussion has gotten thoroughly bizarre rather quickly. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Larry Wall: A script is what you give the actors. A program is what you give the audience.
Re: mail server setup questions
On Wed, 5 Sep 2007 01:22:12 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. Congratulations. This is an international project and not your parochial meeting where you can discuss the knowledge gleaned from TV and enjoy such fascinating vocabulary and deductions related to someone's TLD. Please learn how to behave appropriately before you post. (A friendly advice: _please_ take some literature lessons in order to learn what is metaphor.) Nikola Lečić, Belgrade, Serbia
Re: mail server setup questions
Hi, 2007/9/5, Nikola Lecic [EMAIL PROTECTED]: On Wed, 5 Sep 2007 01:22:12 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. Congratulations. This is an international project and not your parochial meeting where you can discuss the knowledge gleaned from TV and enjoy such fascinating vocabulary and deductions related to someone's TLD. I wonder if all thread participants can relax a bit? I have always been impressed how friendly this list is. Have been watching this thread and cannot understand how it came that such a flame war broke out. Please cool down and stop sending rubbish to everyone's inbox. Continue off list if you really have to. Warm regards, Zbigniew Szalbot
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Predrag Punosevac Sent: Wednesday, September 05, 2007 3:24 AM To: [EMAIL PROTECTED] Subject: Re: mail server setup questions On 05.09.2007 11:22, Ted Mittelstaedt wrote: [...] Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. I thought we were discussing the configuration of the mail server not your hatred toward us Serbs, Iraqis and God knows whom else. Amazing you find hatred where none exists. Perhaps your only reflecting your own biases? Ted
RE: mail server setup questions
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eray Aslan Sent: Wednesday, September 05, 2007 2:05 AM To: freebsd-questions@freebsd.org Subject: Re: mail server setup questions Good advice. I am sure you could have written your response without mentioning nuclear weapons, Iraq et al. Sure - and I'm sure you could write an instruction manual that nobody would want to read, either, unless as a sleep aid. Metaphors are a legitimate literary device. If your unfamiliar with them I would suggest you review what is known as classic literature Ted
Re: mail server setup questions
On Wed, 5 Sep 2007 17:44:15 +0200 Zbigniew Szalbot [EMAIL PROTECTED] wrote: Hi, 2007/9/5, Nikola Lecic [EMAIL PROTECTED]: On Wed, 5 Sep 2007 01:22:12 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote: Your reaction is fascinating considering the location implied by your e-mail reply address. I can perhaps understand your aversion to the use of metaphors in language - God knows the Serbian propagandists warped the metaphor beyond the breaking point in your history and perhaps now, there is a horror of them there that will take generations to dissipate. Congratulations. This is an international project and not your parochial meeting where you can discuss the knowledge gleaned from TV and enjoy such fascinating vocabulary and deductions related to someone's TLD. I wonder if all thread participants can relax a bit? I have always been impressed how friendly this list is. Have been watching this thread and cannot understand how it came that such a flame war broke out. [...] Please cool down and stop sending rubbish to everyone's inbox. Zbigniew, please don't teach me lessons in politeness. Ted posted two very offensive mails and everyone has a right to publicly reply to publicly posted offence. If that's problem for you, then ignore this thread. Be careful when using word rubbish. Nikola Lečić
RE: mail server setup questions
-Original Message- From: Jim Stapleton [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 05, 2007 3:55 AM To: Ted Mittelstaedt Cc: Nikola Lecic; Russell E. Meek; freebsd-questions@freebsd.org Subject: Re: mail server setup questions Jim posted here asking for help, using words and language that gives serious doubt that he is competent to run a mailserver of any kind. Knowledgeable and competent are two different things. If I were not competent, I would not bother attempting to get that knowledge that I lack. Of course. The fact you posted at all indicates your aware that competence is learned and that you want to become competent. A far more admirable attitude than the people that assume that everyone is completely competent at everything and calling someone incompetent is the same as calling them a baby-killer. I don't know the nitty gritty details about exactly what and how mail servers are encrypted. I don't know all the nitty gritty details about how everything talks and intercommunicates. I do know that any time a password goes over the internet (not just LAN) it needs to be encrypted as securely as possible. Only if there is a possibility that the communication channel can be tapped. The phrase going over the Internet is so broad as to be completely meaningless. You can mean just about everything from completely unencrypted wireless to an untappable OC3 between providers. Most password cracking takes place on the client - all the encryption in the world won't protect you from clueless users who click on URLs in e-mails they get. I do know that mail (and other) servers should live in jails. They can if you want. However I have never done so and never had a mailserver rooted. Of course, I have kept stuff reasonably up to date - that is the other part of the issue. In any case running in a jail does not really address the biggest problems with mailservers - their hijacking by spammers and other criminals. By definition a mailserver transfers mail.
Putting its programs in a jail does not make it cease to transfer mail. If such mail transfer happens between the people you want it to happen between, then great. But if you misconfigure the stuff you have jailed, the mailserver will happily transfer mail between the people you don't want it transferring mail from and everyone else. I do know not to run an open relay (take email from any server to deliver to any server, without authentication, and plan to achieve this by only allowing incoming mail). I would submit you think you do. For example, are you planning on putting a webmail interface on the server? A lot of people do. Well if you do and you put a scrap of CGI on there that has a hole in it a spammer can come along and cause that to relay mail from incoming http right into your mail queue. He doesn't need root access to do this. I do know that there is no such thing as too much paranoia when setting up a server. Then you know 90% of what you need to know. Ted
Re: mail server setup questions
Hello, Zbigniew, please don't teach me lessons in politeness. Ted posted two very offensive mails and everyone has a right to publicly reply to publicly posted offence. If that's problem for you, then ignore this thread. Be careful when using word rubbish. My apologies. I shouldn't have used the word rubbish. But please take into account that: 1. I am interested in the subject of mail server setup so I generally follow such threads 2. For the whole day I have been opening emails where you exchange opinions that have nothing to do with mail server setup. 3. I have no intention of teaching anyone lessons in politeness. If this has been your impression, I need to apologize again. Regards, Zbigniew Szalbot
Re: mail server setup questions
* Jim Stapleton [EMAIL PROTECTED] [2007-09-04 18:03:20 -0400]: I need a mail server to take incoming mail, and provide a pop3 (or better yet, SSLed POP3) connection. I would second the recommendation for Postfix -- and Dovecot for POP. Could you all suggest to me what you use and a good web site for configuring it as it would be done in FreeBSD? The Postfix documentation is very thorough and complete, and that is all you should need. Their website has some links to various HOWTOs: http://www.postfix.org/docs.html Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo
Re: mail server setup questions
On Wed, Sep 05, 2007 at 08:51:18AM -0700, Ted Mittelstaedt wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eray Aslan Sent: Wednesday, September 05, 2007 2:05 AM To: freebsd-questions@freebsd.org Subject: Re: mail server setup questions Good advice. I am sure you could have written your response without mentioning nuclear weapons, Iraq et al. Sure - and I'm sure you could write an instruction manual that nobody would want to read, either, unless as a sleep aid. Metaphors are a legitimate literary device. If your unfamiliar with them I would suggest you review what is known as classic literature Come on folks. You'll never get anywhere in a flame war with Ted. He changes the ground under you any time it is convenient. Much better to teach him to spell you're, distinguish between your and you're and use them correctly. Now that would be helpful. jerry Ted
Re: mail server setup questions
On Wed, 5 Sep 2007 12:28:51 -0400 Jerry McAllister [EMAIL PROTECTED] wrote: Come on folks. You'll never get anywhere in a flame war with Ted. He changes the ground under you any time it is convenient. Jerry, I appreciate your good will, but he doesn't change ground. And this is not a flame war but a reaction to the rude and arrogant posts. His (obviously well-known) character cannot be an excuse to speak whatever he wishes. I'm very disappointed that more official people on this list didn't say something like Ted, please respect our users from all countries, including those two countries you have mentioned (as they did couple of times in the near past). Nikola Lečić
Re: mail server setup questions
Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Thanks, Andrey
[Fwd: Re: mail server setup questions]
---BeginMessage--- Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Thanks, Andrey We have exim at the University of Arizona and it works really well (but I am just a user not a sysadmin). I had the same question since I have used sendmail as my home server but I am really curious what more knowledgeable people have to say on this topic. Regards Predrag P. S. I apologize for my previous mail that was off topic but I was truly offended. ---End Message---
Re: mail server setup questions
Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Thanks, Andrey We have exim at the University of Arizona and it works really well (but I am just a user not a sysadmin). I had the same question since I have used sendmail as my home mail server but I am really curious what more knowledgeable people have to say on this topic. Regards Predrag P. S. I apologize to everyone for my previous mail on this thread that was off topic but I was truly offended.
Re: mail server setup questions
On Wed, Sep 05, 2007 at 12:21:56PM -0700, Predrag Punosevac wrote: Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Thanks, Andrey We have exim at the University of Arizona and it works really well (but I am just a user not a sysadmin). I had the same question since I have used sendmail as my home mail server but I am really curious what more knowledgeable people have to say on this topic. There is no real problem with sendmail. Maybe there was years ago, but it works fine. Some of the configuration can be rather arcane, but mostly people just get their favorite and want to defend it. jerry Regards Predrag P. S. I apologize to everyone for my previous mail on this thread that was off topic but I was truly offended.
Re: mail server setup questions
Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Exim is a capable mailer as is postfix. I think it's mostly a matter of preference but I haven't delved into Exim too much. Personally I run Postfix and Dovecot for my mail server setup. Roundcube does a nice job in providing a front end on the web for Dovecot. Eric
Re: mail server setup questions
On Sep 5, 2007, at 2:05 PM, Andrey Shuvikov wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Andrey, I can't speak of exim or qmail, but I had used sendmail for nearly 10 years before switching to postfix. I switched for support of virtual mail boxes, and better support for IMAP. Regardless of the software you choose, it's to your benefit to figure out what you want to do in the long run, and choose the software that is best going to allow you to achieve those goals. HTH - Eric F Crist Secure Computing Networks
Re: mail server setup questions
On 9/5/07, Andrey Shuvikov [EMAIL PROTECTED] wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? It's most definitely a matter of personal preference. I lean toward Exim or Courier. Exim is highly customizable, but the price you pay for that is a steep learning curve when you start looking at customization. Courier isn't as flexible, but can do anything most people are likely to want from a mail server by just setting the appropriate configuration values. And if you just must have more complexity, you can use procmail to do local delivery for Courier. FWIW I use Courier at home and Exim at work. We replaced Qmail (yech!) with Exim at work in part because we needed its customizability. The only real reason for me to switch to Exim at home would be to reduce the number of tools I'm dealing with. Courier has the advantage of having everything (smtp, pop, imap, and webmail servers) all distributed as one package, other than the host web server for the webmail component. Whatever you do, please don't use Qmail. I don't want any more blowback spam than I already get. In case I haven't made myself clear, I despise Qmail with a passion. I suppose it is suitable for people who like puzzles (as in What patches do I need to make this do something useful? or What third-party tool do I need to make sense out of these awful log files?) and who don't mind inflicting lots of unnecessary secondary spam on the rest of the world. Yes, I know there are _supposed_ to be patches that fix that problem, but (a) the one I've seen in action doesn't work very well, and (b) you shouldn't need to apply third-party patches to your mail server to make it do what it is supposed to do in the first place. 
- Bob
Re: mail server setup questions
I would submit you think you do. For example, are you planning on putting a webmail interface on the server? A lot of people do. Well if you do and you put a scrap of CGI on there that has a hole in it a spammer can come along and cause that to relay mail from incoming http right into your mail queue. He doesn't need root access to do this. I have never stated interest in putting web mail up in my to-do list, and in fact, have explicitly stated at least once, I've no intention of doing that. To be blunt, I don't trust it. I only use it for things on which I don't care about the security (ex. reading mailing lists). I care about the security of my server. -Jim Stapleton
Re: mail server setup questions
Hello 2007/9/5, Andrey Shuvikov [EMAIL PROTECTED]: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? It is more than suitable. Both postfix and exim are comparable and powerful MTAs. I personally use Exim but that's because I started with it. It is very customizable. For those who begin their adventure with exim, maybe even vexim is better because you get everything virtualised (virtual users, domains, etc.) and you define your emails, quotas, etc. via browser. http://silverwraith.com/vexim/ Regards, Zbigniew Szalbot
Re: mail server setup questions
On Wed, Sep 05, 2007 at 04:52:56PM -0400, Bob Johnson wrote: On 9/5/07, Andrey Shuvikov [EMAIL PROTECTED] wrote: Hi, I'm trying to set up a home mailserver with imap/web access. But I was going to use exim. Several people mentioned postfix here, but nobody named exim. Is it a matter of personal preference or is exim not suitable for this task? Exim is as suited for the task as Postfix and Sendmail. All three are in roughly the same class of mail transfer agent, and are roughly interchangeable in terms of functionality. Sendmail is very old-school Unix in its design philosophy, from what I've seen. Postfix is pretty easy to wrap your head around and is pretty light on resources when well-configured. Exim -- well, I suspect it has some excellent qualities to recommend it, but my personal experience is that it's a severe pain in my fourth point of contact to configure. Exim is the default MTA for Debian, and while I was using Debian I ended up swapping out Exim for Postfix on every install after I finally got tired of dealing with Exim's configuration complexities and caveats. Your mileage may vary. Whatever you do, please don't use Qmail. I don't want any more blowback spam than I already get. I'm not a huge fan of Qmail, either. I not only try to avoid it myself, but wish others would do so as well.
Re: mail server setup questions
On Wednesday 05 September 2007 21:14:17, Predrag Punosevac wrote: We have a exim at the University of Arizona and works really well (but I am just a user not a sysadmin). Me, personally, I can only swear by Postfix. I've set up numerous Postfix mail servers over the last two years, and I've never had trouble with them as to this date. Postfix is robust (I've never had an error condition that _lost_ mails, so far), (actually) pretty easy to configure in comparison to sendmail and (IMHO) exim, simply because the documentation is extensive and the directives are clear and concise for the main configuration (that's for the main.cf; master.cf, which dispatches the different parts that make up Postfix, is a different topic, but you needn't touch that under most circumstances), and it's easily extensible by its extensive use of the generic feature of maps for any lookups required for configuration options (a map can basically come from anything, such as get*ent, flat db files, relational databases, a socket protocol, and some other things which you'd possibly not even dreamed about). By using the Postfix mail filter APIs (completely different to milter, but milter is also possible AFAIK in Postfix 2.3+), I've hacked together a small Anti-Harvester plugin in an afternoon for the three big servers I administered, and there's tons of software out there that plugs in with Postfix to do things like greylisting, spam control, mail traffic accounting and rate limiting, and the like. The architecture of Postfix I'm talking about is called the policy framework. Thirdly, I don't recall a major security vulnerability in Postfix for quite some time now (longer than from what I know of sendmail, anyway, but this might be my biased vision), and generally, you can expect Postfix to come preconfigured safe, unless you explicitly open it up (which isn't easy to do).
On the other hand: besides trying sendmail some years back (I still have the O'Reilly sendmail book somewhere on my shelf), I've never tried a different mailer in a production environment yet, so the value of my answer may vary. I know most of my peers who deploy Debian in server environment swear by exim (I should guess because it comes preinstalled and is the default for them), but again, I recall the horror I faced when I had a look at the exim configuration of my uni when I had to change mail routing (because their exim mailserver got blacklisted, and had to route through one of the servers administered by me to be able to get out mails at all; that was a happy moment in my student admin career :-)). Anyway, have a look at Postfix, I can pretty much guarantee you that it'll suck you in! -- Heiko Wundram Product Application Development
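The policy framework mentioned in the message above talks to an external program over a simple text protocol: Postfix sends name=value lines ended by an empty line and expects `action=...` followed by an empty line. The sketch below is an added example, not code from the thread or from Postfix; it applies the "no relay unless authenticated" goal stated earlier in the thread, and the domain `example.org`, the function names and the sample requests are assumptions.

```python
import sys

# Assumption for this example: the only domain this server accepts mail for.
LOCAL_DOMAINS = {"example.org"}

# Constructed policy requests, in the name=value format Postfix sends.
RELAY_ATTEMPT = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\nprotocol_name=SMTP\n"
    "client_address=203.0.113.7\nsender=bulk@elsewhere.test\n"
    "recipient=victim@elsewhere.test\nsasl_username=\n\n"
)
LOCAL_DELIVERY = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\nprotocol_name=ESMTP\n"
    "client_address=198.51.100.20\nsender=friend@elsewhere.test\n"
    "recipient=JIM@Example.ORG\nsasl_username=\n\n"
)
AUTHENTICATED_SUBMISSION = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\nprotocol_name=ESMTP\n"
    "client_address=198.51.100.21\nsender=jim@example.org\n"
    "recipient=friend@elsewhere.test\nsasl_username=jim\n\n"
)


def parse_request(text):
    """Parse one request into a dict; stop at the terminating empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:  # lines without '=' are malformed and ignored
            attrs[name] = value
    return attrs


def decide(attrs, local_domains=LOCAL_DOMAINS):
    """Return the access action for one request.

    DUNNO means "no opinion": Postfix goes on to its remaining restrictions.
    It is used instead of OK so that this check can never whitelist mail
    that a later restriction would have refused.
    """
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("protocol_state") != "RCPT":
        return "DUNNO"
    if attrs.get("sasl_username"):
        return "DUNNO"  # authenticated users may send to outside domains
    recipient = attrs.get("recipient", "")
    _, at, domain = recipient.rpartition("@")
    if not at:
        return "DUNNO"  # bare local part: delivery on this host
    if domain.lower().rstrip(".") in local_domains:
        return "DUNNO"  # incoming mail for a domain we host
    return "REJECT relaying denied: authenticate first"


def respond(text):
    """Build the reply Postfix expects: one action line and an empty line."""
    return "action=%s\n\n" % decide(parse_request(text))


def serve(inp, out):
    """Answer requests read from inp until end of file, one reply each."""
    block = []
    for line in inp:
        line = line.rstrip("\n")
        if line:
            block.append(line)
        elif block:
            out.write(respond("\n".join(block)))
            out.flush()
            block = []


if __name__ == "__main__":
    if "--serve" in sys.argv:
        serve(sys.stdin, sys.stdout)
    else:
        for sample in (RELAY_ATTEMPT, LOCAL_DELIVERY, AUTHENTICATED_SUBMISSION):
            print(respond(sample).strip())
```

Postfix's own relay restrictions already refuse this case in a default configuration; a policy service like this is where extra rules such as greylisting or rate limiting would be added.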
Re: mail server setup questions
On Wed, 5 Sep 2007 16:52:56 -0400 Bob Johnson [EMAIL PROTECTED] wrote:
> In case I haven't made myself clear, I despise Qmail with a passion. I suppose it is suitable for people who like puzzles (as in What patches do I need to make this do something useful? or What third-party tool do I need to make sense out of these awful log files?) and who don't mind inflicting lots of unnecessary secondary spam on the rest of the world. Yes, I know there are _supposed_ to be patches that fix that problem, but (a) the one I've seen in action doesn't work very well, and (b) you shouldn't need to apply third-party patches to your mail server to make it do what it is supposed to do in the first place.

I second all these points. I think it's probably better to use sendmail than qmail. Sendmail at least supports most (all?) SMTP / antispam related features, it is well documented, and configurable to the extreme (with the caveat that its configuration may be a bit daunting to the un-initiated :D).

I just realised that qmail appears over and over in Linux distros, or at least on Linux servers I've had to suffer... not sure the relationship there (in design / philosophy...)... and I am really NOT wanting to start a flame war. Just a thought that crossed my mind as I was reading this thread.

Best,
B
_
{Beto|Norberto|Numard} Meijome

It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change. Charles Darwin.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
mail server setup questions
I need a mail server to take incoming mail, and provide a pop3 (or better yet, SSLed POP3) connection. I've tried akpop3d and qmail, but have had less than brilliant success getting them functional. Could you all suggest to me what you use and a good web site for configuring it as it would be done in FreeBSD?

Please cc me, as I have the list subscribed in digest mode.

Thanks,
-Jim Stapleton
Re: mail server setup questions
On Sep 4, 2007, at 5:03 PM, Jim Stapleton wrote:
> I need a mail server to take incoming mail, and provide a pop3 (or better yet, SSLed POP3) connection. I've tried akpop3d and qmail, but have had less than brilliant success getting them functional. Could you all suggest to me what you use and a good web site for configuring it as it would be done in FreeBSD?
>
> Please cc me, as I have the list subscribed in digest mode.
>
> Thanks,
> -Jim Stapleton

It may be more than you're looking for, but check out www.purplehat.org and look for their postfix/dovecot how-to. It's very detailed and works great!

-
Eric F Crist
Secure Computing Networks
Re: mail server setup questions
Quoting Jim Stapleton [EMAIL PROTECTED]:
> I need a mail server to take incoming mail, and provide a pop3 (or better yet, SSLed POP3) connection. I've tried akpop3d and qmail, but have had less than brilliant success getting them functional. Could you all suggest to me what you use and a good web site for configuring it as it would be done in FreeBSD?
>
> Please cc me, as I have the list subscribed in digest mode.
>
> Thanks,
> -Jim Stapleton

http://www.tnpi.biz/internet/mail/toaster/

Perfection - and qmail based also. Have fun.

- Russell

This message was sent securely via meektech.com
Re: CVS server setup
Eduardo Morras [EMAIL PROTECTED] writes:
> I'm trying to set up a cvs server. I have a vps jail account so I can't make a jail in the jail to run the cvs server. Does the cvs server have a /chroot/ mode? Where can I find documentation to do so? All the docs, man pages and howtos I read show how to do it by creating a jail. Is there another way to do so?

You should be able to use chroot(8) on it directly, as far as I can tell.
CVS server setup
Hello:

I'm trying to set up a cvs server. I have a vps jail account so I can't make a jail in the jail to run the cvs server. Does the cvs server have a /chroot/ mode? Where can I find documentation to do so? All the docs, man pages and howtos I read show how to do it by creating a jail. Is there another way to do so?

Thanks

-
Home copying is killing the profits of the big companies. We leave this side of the tape blank so you can help.
Dead Kennedys, side B of /In God We Trust, Inc./
RE: Help needed with server setup at work
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rico Secada
Sent: Monday, April 23, 2007 10:48 AM
To: [EMAIL PROTECTED]
Subject: Help needed with server setup at work

> Hi. At work we have a bunch of NFS servers. The servers provide the home directories for all the employees client machines. Most of the employees mount their home dirs manually, but some are mounted using scripts. Employee John knows he belongs to NFS server 1, and employee Britney knows she belongs to NFS server 3 and so on. Now due to new conditions

Without saying what these new conditions are, you aren't giving much that anyone can give advice on.

> I have to set up a new system from which ALL employees are able to mount their home directories from their homes (where they live). Since I only have one IP address at my disposal, I need to set up some kind of union system in which all home directories appear as they live on just one server. Besides that I have to figure out what kind of security I need to use. I have been thinking about AFS. About the union thing I first thought of somehow union mounting all the different home directories on a single machine which then serves as the access point, but I am afraid if that particular machine crashes, then no one can get to their files.

You're going about it in exactly the wrong way and in a very insecure manner, in my opinion.

If you have a situation going where the building that all these employees are working in that contains them, their workstations, and their servers, is going to be vacated, such as a kind of virtual company scenario, then ASSUMING that the employees ALL have high-speed connectivity (DSL, Cable, or whatever) of at least a megabit, then the safest and most trouble-free way of doing it is to have ALL employees set up with their ISP's to have static IP addresses, and then put hardware VPN firewalls at each employee's home and set up dedicated lan2lan VPNs that are permanently up all of the time.

Linksys sells a very nice VPN firewall, the RV042, that is fantastic for this job. This will allow you to manage all employee computers just as if they were all in the now-missing building. This is particularly important as you can install patches, monitor for intrusion attempts, etc. It also moves the ickyness of the VPN client software away from the employees computer, simplifying that system. At the central hub where all the servers remain, you can easily set up a firewall that only allows VPNs in from the designated remote IP addresses.

If however the need is for only periodic access, then investigate a remote control solution. I would recommend setting up a bastion host that is on your single public IP address, and a VNC server on it. Employees can use one of many VNC clients (there's even one for palm OS I believe) and go from their homes to the bastion host, then from the bastion host, xterm to their desktop systems.

Putting a union NFS server up is just asking for trouble, particularly if you aren't restricting access to it via IP address.

Ted
Help needed with server setup at work
Hi.

At work we have a bunch of NFS servers. The servers provide the home directories for all the employees client machines. Most of the employees mount their home dirs manually, but some are mounted using scripts. Employee John knows he belongs to NFS server 1, and employee Britney knows she belongs to NFS server 3 and so on.

Now due to new conditions I have to set up a new system from which ALL employees are able to mount their home directories from their homes (where they live). Since I only have one IP address at my disposal, I need to set up some kind of union system in which all home directories appear as they live on just one server. Besides that I have to figure out what kind of security I need to use.

I have been thinking about AFS. About the union thing I first thought of somehow union mounting all the different home directories on a single machine which then serves as the access point, but I am afraid if that particular machine crashes, then no one can get to their files.

Good ideas and experiences are greatly appreciated!

--
Best and kind regards
Rico Secada
Re: new server setup questions
On Saturday 17 March 2007 9:24 pm, you wrote: On Sat, 17 Mar 2007 18:21:48 -0600 Ray [EMAIL PROTECTED] wrote: Hello, I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow) I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network- setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message: kldload: can't load file.ko :operation not permitted of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers. as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this? Any help or suggestions greatly appreciated. Ray machine specs ASUS M2N-SLI DELUXE mobo 2GB ram AMD 5200 x2 processor (sorry, the box isn't in front of me) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] a friend of mine installed a 6.2-RELEASE system with an nforce network card in it a few weeks ago. upon intial install, the nve adapter would not fire up. he put in another card that was supported (a linksys), did his cvsup and buildworld, and the nve driver worked after that. however, the nve thru our freebsd router has had trouble several times, locking the system up over frames with larger than 1500 mtu (or something to that effect). my friend had to dump the nve and just settle for the linksys, in the name of system system stability. cheers, jonathan I didn't get anywhere with 7-current, (it's shortcomings or my lack of knowledge, I don't know.) 
but I think my good friend Google came through again. I found a site (http://www.se.hiroshima-u.ac.jp/~shigeaki/software/freebsd-nfe.html) that provided a patch for phy1000 stuff (side note: can anybody point me to info on what this is all about?) and a new nforce driver source. This site includes a fairly detailed walk through. (oh yeah, don't try to use the 6.2 stable patch on a 6.2 release system, it doesn't work :)) the only slight concern that I have is when I run sysinstall -configure - Networking - interfaces the network ports show up as nfe0 unknown network interface type nfe1 unknown network interface type is this anything to worry about? I now have 2 new questions: kldload still gave me the same error as mentioned earlier in this thread does kldload not work, even for root when securelevel is set to secure, or does it fail when /boot/loader.conf is empty or ...? the reason I ask is that manually editing loader.conf works, kldload doesn't. How is the best way to test for stability? Just because it boots every time and pings google doesn't mean it's ready for production, especially in light of Jonathan's comment above. Thanks, Ray ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: new server setup questions
On Saturday 17 March 2007 9:24 pm, you wrote: On Sat, 17 Mar 2007 18:21:48 -0600 Ray [EMAIL PROTECTED] wrote: Hello, I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow) I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network- setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message: kldload: can't load file.ko :operation not permitted of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers. as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this? Any help or suggestions greatly appreciated. Ray machine specs ASUS M2N-SLI DELUXE mobo 2GB ram AMD 5200 x2 processor (sorry, the box isn't in front of me) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] a friend of mine installed a 6.2-RELEASE system with an nforce network card in it a few weeks ago. upon intial install, the nve adapter would not fire up. he put in another card that was supported (a linksys), did his cvsup and buildworld, and the nve driver worked after that. however, the nve thru our freebsd router has had trouble several times, locking the system up over frames with larger than 1500 mtu (or something to that effect). my friend had to dump the nve and just settle for the linksys, in the name of system system stability. cheers, jonathan (see adition below) I didn't get anywhere with 7-current, (it's shortcomings or my lack of knowledge, I don't know.) 
but I think my good friend Google came through again. I found a site (http://www.se.hiroshima-u.ac.jp/~shigeaki/software/freebsd-nfe.html) that provided a patch for phy1000 stuff (side note: can anybody point me to info on what this is all about?) and a new nforce driver source. This site includes a fairly detailed walk through. (oh yeah, don't try to use the 6.2 stable patch on a 6.2 release system, it doesn't work :)) the only slight concern that I have is when I run sysinstall -configure - Networking - interfaces the network ports show up as nfe0 unknown network interface type nfe1 unknown network interface type is this anything to worry about? I now have 2 new questions: kldload still gave me the same error as mentioned earlier in this thread does kldload not work, even for root when securelevel is set to secure, or does it fail when /boot/loader.conf is empty or ...? the reason I ask is that manually editing loader.conf works, kldload doesn't. How is the best way to test for stability? Just because it boots every time and pings google doesn't mean it's ready for production, especially in light of Jonathan's comment above. Thanks, Ray sorry, didn't fully acknowledge all sources see also http://www.nvnews.net/vbulletin/showthread.php?t=87698, followup for a second possible answer ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
new server setup questions
Hello,

I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow)

I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message:

kldload: can't load file.ko :operation not permitted

of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers.

as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this?

Any help or suggestions greatly appreciated.

Ray

machine specs
ASUS M2N-SLI DELUXE mobo
2GB ram
AMD 5200 x2 processor
(sorry, the box isn't in front of me)
Re: new server setup questions
Ray wrote:
> Hello,
>
> I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow)
>
> I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message:
>
> kldload: can't load file.ko :operation not permitted
>
> of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers.
>
> as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this?
>
> Any help or suggestions greatly appreciated.
>
> Ray
>
> machine specs
> ASUS M2N-SLI DELUXE mobo
> 2GB ram
> AMD 5200 x2 processor
> (sorry, the box isn't in front of me)

Not sure if nForce drivers are supported on the 6.2 install CD. You might want to give one of the 7-CURRENT driver CDs a go. Grab a snapshot iso from ftp://ftp7.freebsd.org/pub/FreeBSD/snapshots/200703, or the directory above it in one of the other snapshot directories if that doesn't work for you.

-Garrett
Re: new server setup questions
On Saturday 17 March 2007 6:27 pm, Garrett Cooper wrote: Ray wrote: Hello, I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow) I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network- setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message: kldload: can't load file.ko :operation not permitted of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers. as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this? Any help or suggestions greatly appreciated. Ray machine specs ASUS M2N-SLI DELUXE mobo 2GB ram AMD 5200 x2 processor (sorry, the box isn't in front of me) Not sure if nForce drivers are supported on the 6.2 install CD. You might want to give one of the 7-CURRENT driver CDs a go. Grab a snapshot iso from ftp://ftp7.freebsd.org/pub/FreeBSD/snapshots/200703, or the directory above it in one of the other snapshot directories if that doesn't work for you. Thanks for the response. just 2 questions: 1) is 7-CURRENT ready for a production environment? 2) should I stick with amd64 or should I go back to i386? Thanks, Ray -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: new server setup questions
Ray wrote: On Saturday 17 March 2007 6:27 pm, Garrett Cooper wrote: Ray wrote: Hello, I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow) I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network- setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message: kldload: can't load file.ko :operation not permitted of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers. as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this? Any help or suggestions greatly appreciated. Ray machine specs ASUS M2N-SLI DELUXE mobo 2GB ram AMD 5200 x2 processor (sorry, the box isn't in front of me) Not sure if nForce drivers are supported on the 6.2 install CD. You might want to give one of the 7-CURRENT driver CDs a go. Grab a snapshot iso from ftp://ftp7.freebsd.org/pub/FreeBSD/snapshots/200703, or the directory above it in one of the other snapshot directories if that doesn't work for you. Thanks for the response. just 2 questions: 1) is 7-CURRENT ready for a production environment? By no means yet. 2) should I stick with amd64 or should I go back to i386? I don't think that will solve the problem. I think it has to do with driver availability. If you can get the 7-CURRENT snapshot to install and upgrade the source tree with amd64, you might be able to update the sources for your system and get on track with 6.2-RELEASE. 
-Garrett
Re: new server setup questions
On Saturday 17 March 2007 6:49 pm, Garrett Cooper wrote: Ray wrote: On Saturday 17 March 2007 6:27 pm, Garrett Cooper wrote: Ray wrote: Hello, I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow) I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-networ k- setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message: kldload: can't load file.ko :operation not permitted of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers. as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this? Any help or suggestions greatly appreciated. Ray machine specs ASUS M2N-SLI DELUXE mobo 2GB ram AMD 5200 x2 processor (sorry, the box isn't in front of me) Not sure if nForce drivers are supported on the 6.2 install CD. You might want to give one of the 7-CURRENT driver CDs a go. Grab a snapshot iso from ftp://ftp7.freebsd.org/pub/FreeBSD/snapshots/200703, or the directory above it in one of the other snapshot directories if that doesn't work for you. Thanks for the response. just 2 questions: 1) is 7-CURRENT ready for a production environment? By no means yet. 2) should I stick with amd64 or should I go back to i386? I don't think that will solve the problem. I think it has to do with driver availability. If you can get the 7-CURRENT snapshot to install and upgrade the source tree with amd64, you might be able to update the sources for your system and get on track with 6.2-RELEASE. I'll see what 7 does, but I'm sure I'll be back for help on that second part. 
Thanks, Ray -Garrett
Re: new server setup questions
On Saturday 17 March 2007 6:56 pm, Ray wrote: On Saturday 17 March 2007 6:49 pm, Garrett Cooper wrote: Ray wrote: On Saturday 17 March 2007 6:27 pm, Garrett Cooper wrote: Ray wrote: Hello, I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow) I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-netw or k- setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message: kldload: can't load file.ko :operation not permitted of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers. as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this? Any help or suggestions greatly appreciated. Ray machine specs ASUS M2N-SLI DELUXE mobo 2GB ram AMD 5200 x2 processor (sorry, the box isn't in front of me) Not sure if nForce drivers are supported on the 6.2 install CD. You might want to give one of the 7-CURRENT driver CDs a go. Grab a snapshot iso from ftp://ftp7.freebsd.org/pub/FreeBSD/snapshots/200703, or the directory above it in one of the other snapshot directories if that doesn't work for you. Thanks for the response. just 2 questions: 1) is 7-CURRENT ready for a production environment? By no means yet. 2) should I stick with amd64 or should I go back to i386? I don't think that will solve the problem. I think it has to do with driver availability. If you can get the 7-CURRENT snapshot to install and upgrade the source tree with amd64, you might be able to update the sources for your system and get on track with 6.2-RELEASE. 
-Garrett I'll see what 7 does, but I'm sure I'll be back for help on that second part. Thanks, Ray well, for whatever it proves, 7-current, bootonly can't see my network card. I'm still waiting for the full disk 1 to download. Ray
Re: new server setup questions
On Sat, 17 Mar 2007 18:21:48 -0600 Ray [EMAIL PROTECTED] wrote:
> Hello,
>
> I'm trying to setup a new server, and I'm having some problems mostly with the network card. (machine specs follow)
>
> I can't get a driver to work for the integrated network card. I've spent a number of hours on google / the complete freeBSD / the freeBSD handbook. the handbook (section 11.8 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html) outlines using ndis (project evil) drivers. I tried using this. I went through ndisgen, and everything seemed to work. I then tried to use kldload and got the error message:
>
> kldload: can't load file.ko :operation not permitted
>
> of course I did all of this as root. I am using the amd64 version of freeBSD (is this my first mistake?) and the 64 bit version of the drivers.
>
> as a side note, the supplied driver disk includes a source version of the linux driver. is there any way to use this?
>
> Any help or suggestions greatly appreciated.
>
> Ray
>
> machine specs
> ASUS M2N-SLI DELUXE mobo
> 2GB ram
> AMD 5200 x2 processor
> (sorry, the box isn't in front of me)

a friend of mine installed a 6.2-RELEASE system with an nforce network card in it a few weeks ago. upon initial install, the nve adapter would not fire up. he put in another card that was supported (a linksys), did his cvsup and buildworld, and the nve driver worked after that.

however, the nve thru our freebsd router has had trouble several times, locking the system up over frames with larger than 1500 mtu (or something to that effect). my friend had to dump the nve and just settle for the linksys, in the name of system stability.

cheers,
jonathan
Importing a server setup.
Hi all,

I have a very good setup on a server that I would like to clone to a brand new server, and an existing server. My plan is dependent on two things, feel free to comment on them if I am missing something:

0. Make sure the machine to be cloned is using a generic kernel, and ensure the SAS driver is enabled.
1. I will take complete dumps of all the file systems (less swap and dev of course). These will be kept on a local machine that has filesharing setup (another freebsd box).
2. a. I will boot the new box using FreeBSD 6.1 or 6.2 CD. (How do I keep from entering sysinstall?)
   b. Setup the new filesystems,
   c. setup a local network IP and configure a network fileshare client so I can get to the dumps, (this is doable, right?)
   d. import the stored data, and configure the machine specific details (hostname, IP etc etc etc),

Am I missing anything here?

-Grant
Re: Importing a server setup.
On Fri, Feb 09, 2007 at 09:47:27AM -0500, Grant Peel wrote:
> Hi all,
>
> I have a very good setup on a server that I would like to clone to a brand new server, and an existing server. My plan is dependent on two things, feel free to comment on them if I am missing something:
>
> 0. Make sure the machine to be cloned is using a generic kernel, and ensure the SAS driver is enabled.
> 1. I will take complete dumps of all the file systems (less swap and dev of course). These will be kept on a local machine that has filesharing setup (another freebsd box).
> 2. a. I will boot the new box using FreeBSD 6.1 or 6.2 CD. (How do I keep from entering sysinstall?)
>    b. Setup the new filesystems,
>    c. setup a local network IP and configure a network fileshare client so I can get to the dumps, (this is doable, right?)
>    d. import the stored data, and configure the machine specific details (hostname, IP etc etc etc),
>
> Am I missing anything here?

Yes. How do you plan to set up file systems and configure a network if you don't install anything?

My suggestion is that you install FreeBSD 6.2 and only move locally created files to it. This is presuming the image you want to duplicate is at lower than 6.2.

Anyway, you can use the fixit system from CD to create filesystems and then to restore the dumps which would give you an identical system on the new machine, including IP and hostname. You should then be able to turn off the old machine and boot the new one in its place. I would then modify the hostname and IP on the old machine rather than make the new server have the different name so those things that are looking to it as server do not need to be changed.

As for setting up filesharing before installing a system, I can't say. I haven't used it.

jerry

> -Grant
Re: Importing a server setup.
On Fri, Feb 09, 2007 at 09:47:27AM -0500, Grant Peel wrote:

> Hi all,
>
> I have a very good setup on a server that I would like to clone to a brand new server, and an existing server.
>
> My plan is dependent on two things, feel free to comment on them if I am missing something:
>
> 0. Make sure the machine to be cloned is using a generic kernel, and ensure the SAS driver is enabled.
>
> 1. I will take complete dumps of all the file systems (less swap and dev of course). These will be kept on a local machine that has filesharing setup (another freebsd box).
>
> 2. a. I will boot the new box using FreeBSD 6.1 or 6.2 CD. (How do I keep from entering sysinstall?)
>    b. Setup the new filesystems,
>    c. setup a local network IP and configure a network fileshare client so I can get to the dumps, (this is doable, right?)
>    d. import the stored data, and configure the machine specific details (hostname, IP etc etc etc),
>
> Am I missing anything here?

Might be easier to use g4u http://www.feyrer.de/g4u/

--
Kenny Dail [EMAIL PROTECTED]
RHEL 4 slave NIS server setup problem
Hi,

Hope someone can help me here. We have a NIS master server running on FreeBSD 4.11. RHEL clients can bind to the server without any problem. Now I want to add another nis slave server using RHEL 4. When I issued command /usr/lib/yp/ypinit -s master, I got following errors:

    We will need a few minutes to copy the data from master.
    Transferring passwd.byuid...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring passwd.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring group.bygid...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring group.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring services.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring rpc.bynumber...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring rpc.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring protocols.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring networks.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring protocols.bynumber...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring hosts.byaddr...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring netid.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring networks.byaddr...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring ypservers...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    Transferring hosts.byname...
    Trying ypxfrd ...rpc.ypxfrd doesn't support the needed database type call to rpc.ypxfrd failed: RPC: Can't decode result (failed, fallback to enumeration)
    faith.schrodinger.com's NIS data base has been set up. If there were warnings, please figure out what went wrong, and fix it.
    At this point, make sure that /etc/passwd and /etc/group have been edited so that when the NIS is activated, the data bases you have just created will be used, instead of the /etc ASCII files.

Is it required to have the same nis map data file type on both master and slave? How to make maps transfer from FreeBSD to Linux correctly?

Simon
dmz server setup - opinions
I realize this may be partial religion and then potentially bias due to the list but here goes anyway.

I need to build a DMZ server, of sorts, that will sit on the public internet. It will take in data from embedded devices and in turn services from behind a firewall will pull data from it to later process. The main processes that i need to run are ftpd, httpd, possibly smtpd (sasl2, tls), and later proprietary code that talks to the embedded devices.

Originally i was thinking of using OpenBSD, as it seems to lend itself very nicely to the public but secure environment. On the other hand, if i were to use FreeBSD, i could jail each process, granted i could also chroot each process in OpenBSD and httpd is already done for me. I will be running a firewall on the box either way and will also have sshd and rsyncd running, only allowing access from the internal network.

I have more experience with freebsd, but my limited knowledge based on an install and configuration of openbsd3.7 has made me comfortable with it as well. Any opinions on which OS is better suited for the task? Security and reliability are the foremost concerns (aren't they everyone's) and i think both OS are more than up to the task.

Thanks for any input.

jeff
Re: dmz server setup - opinions
Jeff wrote:

> I realize this may be partial religion and then potentially bias due to the list but here goes anyway.

There is nothing wrong with bias, per se, if you are aware that it exists. :-)

> I need to build a DMZ server, of sorts, that will sit on the public internet. It will take in data from embedded devices and in turn services from behind a firewall will pull data from it to later process. The main processes that i need to run are ftpd, httpd, possibly smtpd (sasl2, tls), and later proprietary code that talks to the embedded devices.

A DMZ server implies you are setting up a screened public subnet along with a backend LAN subnet. If you are setting up a firewall with three interfaces, OK, but you should avoid running any services on that box except for IPFW/dummynet/PF/ALTQ/whatever.

If you are setting up a box that has two interfaces, one with a public IP and one doing NAT to a private LAN subnet, that is still a firewall, but you don't have a DMZ. If need be, you can run proxy services on that box, but it still would be better from the standpoint of security to run them on an internal box via NAT forwarding of whatever ports are needed.

> Originally i was thinking of using OpenBSD, as it seems to lend itself very nicely to the public but secure environment. On the other hand, if i were to use FreeBSD, i could jail each process, granted i could also chroot each process in OpenBSD and httpd is already done for me. I will be running a firewall on the box either way and will also have sshd and rsyncd running, only allowing access from the internal network.

OK.

> I have more experience with freebsd, but my limited knowledge based on an install and configuration of openbsd3.7 has made me comfortable with it as well. Any opinions on which OS is better suited for the task? Security and reliability are the foremost concerns (aren't they everyone's) and i think both OS are more than up to the task.

Both OSes are up to the task. If you are going to just set up a firewall, using OpenBSD would be an easy choice. However, it sounds like you plan to install at least your custom software, a web server, and several other 3rd-party pieces: FreeBSD ports makes doing that and keeping it up-to-date securely very easy via portaudit and portupgrade.

Many people seem to value things like cost and performance, or even convenience, more highly than they value security or reliability. Don't take this for a suggestion to change what you are doing, however. :-)

--
-Chuck

PS: What is your security policy? If this doesn't have a clear answer to you, start with identifying what it is you are trying to protect, and what it is that you are trying to protect whatever-that-is against. Then read: http://www.ietf.org/rfc/rfc2196.txt
Re: dmz server setup - opinions
Chuck Swiger wrote:

> Jeff wrote:
>
>> I realize this may be partial religion and then potentially bias due to the list but here goes anyway.
>
> There is nothing wrong with bias, per se, if you are aware that it exists. :-)
>
>> I need to build a DMZ server, of sorts, that will sit on the public internet. It will take in data from embedded devices and in turn services from behind a firewall will pull data from it to later process. The main processes that i need to run are ftpd, httpd, possibly smtpd (sasl2, tls), and later proprietary code that talks to the embedded devices.
>
> A DMZ server implies you are setting up a screened public subnet along with a backend LAN subnet. If you are setting up a firewall with three interfaces, OK, but you should avoid running any services on that box except for IPFW/dummynet/PF/ALTQ/whatever.
>
> If you are setting up a box that has two interfaces, one with a public IP and one doing NAT to a private LAN subnet, that is still a firewall, but you don't have a DMZ.

understood, that's the reason for the 'of sorts'.

> If need be, you can run proxy services on that box, but it still would be better from the standpoint of security to run them on an internal box via NAT forwarding of whatever ports are needed.
>
>> Originally i was thinking of using OpenBSD, as it seems to lend itself very nicely to the public but secure environment. On the other hand, if i were to use FreeBSD, i could jail each process, granted i could also chroot each process in OpenBSD and httpd is already done for me. I will be running a firewall on the box either way and will also have sshd and rsyncd running, only allowing access from the internal network.
>
> OK.
>
>> I have more experience with freebsd, but my limited knowledge based on an install and configuration of openbsd3.7 has made me comfortable with it as well. Any opinions on which OS is better suited for the task? Security and reliability are the foremost concerns (aren't they everyone's) and i think both OS are more than up to the task.
>
> Both OSes are up to the task. If you are going to just set up a firewall, using OpenBSD would be an easy choice. However, it sounds like you plan to install at least your custom software, a web server, and several other 3rd-party pieces: FreeBSD ports makes doing that and keeping it up-to-date securely very easy via portaudit and portupgrade.
>
> Many people seem to value things like cost and performance, or even convenience, more highly than they value security or reliability. Don't take this for a suggestion to change what you are doing, however. :-)

true. Cost is just my time, and i feel performance between the two is negligible (Dell 750 Pentium 4 3GHz, 1G Ram 2 73G Drives RAID 1). I'd spend extra time/money, within reason, for security and reliability...how's it go? pay me now, or pay me later... heh.

I appreciate the input. I'm now leaning going back inside the firewall with this, with freebsd, using jails for httpd/ftpd and allowing the current external firewall to continue its work using NAT and if i need the DMZ, set up an actual one, not just a public cache server, as i had explained here.

again, thanks

jd
Re: iTunes server setup not going well
On Saturday 01 January 2005 01:05 am, Timothy Luoma wrote:

> On Dec 31, 2004, at 9:41 PM, jason henson wrote:
>
>>> [did that... I have downloaded Rendezvous.tar.gz and mDNSResponder-58.8.tar.gz to /usr/ports/distfiles/]
>>>
>>> After doing this, go back to /usr/ports/net/rendezvous (if needed) and type: make install clean
>>>
>>> BUT... but... there is no /usr/ports/net/rendezvous !
>>
>> ports/net/p5-Net-Rendezvous
>
> They're the same? I had seen that one but didn't realize it was the same.
>
>>> I thought maybe that I had to build mDNSResponder first, so I tried that:
>>>
>>> freebsd# cd /usr/ports/net/mDNSResponder/
>>> freebsd# make install clean
>>> === Vulnerability check disabled, database not found
>>> === Extracting for mDNSResponder-58.8
>>> = Checksum OK for mDNSResponder-58.8.tar.gz.
>>> = Checksum OK for mDNSdocs-1.0.tar.gz.
>>> === Patching for mDNSResponder-58.8
>>> === Applying FreeBSD patches for mDNSResponder-58.8
>>> 4 out of 5 hunks failed--saving rejects to mDNSPosix/Makefile.rej
>>> = Patch patch-mDNSPosix::Makefile failed to apply cleanly.
>>> = Patch(es) patch-NetMonitor.c patch-Responder.c patch-mDNSCore::mDNSClientAPI.h applied cleanly.
>>> *** Error code 1
>>
>> Don't download it yourself, do make fetch, or just make install. Looks like you are downloading a different version than has been ported. If you want the port updated contact the maintainer.
>
> OK, I think I've got it working now.
>
> Except that /usr/local/etc/rc.d/mDNSResponder.sh didn't exist
>
> I copied /usr/ports/net/mDNSResponder/files/mDNSResponder.sh there, but it clearly expects to be automatically configured by the installation program.
>
> #!/bin/sh
> # PROVIDE: mDNSResponder
> # REQUIRE: NETWORKING
> # KEYWORD: FreeBSD
> . %%RC_SUBR%%
> name=mDNSResponder
> rcvar=`set_rcvar`
> command=%%PREFIX%%/sbin/mDNSResponder
> mDNSResponder_enable=${mDNSResponder_enable:-NO}
> mDNSResponder_flags=${mDNSResponder_flags:--b -n `/bin/hostname -s`}
> pidfile=/var/run/mDNSResponder.pid
> load_rc_config $name
> run_rc_command $1
> # end
>
> There's no 'mDNSResponder' in any sbin folder, there is one in /usr/local/bin/mDNSResponder, so I tried changing that line to
>
> command=/usr/local/bin/mDNSResponder
>
> but then I get
>
> set_rcvar: not found
> load_rc_config: not found
> run_rc_command: not found
>
> I suspect that may have something to do with this line:
>
> . %%RC_SUBR%%
>
> and I have no idea what that should be. So I Googled RC_SUBR mDNSResponder and came across http://lists.freebsd.org/pipermail/freebsd-ports/2004-September/015760.html which suggested I use
>
> . /usr/local/etc/rc.subr
>
> which doesn't exist (maybe that's where it was for 4.x?) it is now at /etc/rc.subr so I used this:
>
> . /etc/rc.subr

/usr/ports/sysutils/rc_subr

A good explanation: http://www.freshports.org/sysutils/rc_subr/

> so now I can run /usr/local/etc/rc.d/mDNSResponder.sh start without error
>
> Does it work? Well, we'll have to wait until I get to the office and check.
>
> TjL
Re: iTunes server setup not going well
On Fri, 31 Dec 2004, Chris wrote:

> Timothy Luoma wrote:
>
>> On Dec 31, 2004, at 8:34 PM, Chris wrote:
>>
>>> Somewhat related - is there a port that will play the files downloaded from ITunes?
>>
>> I think the answer is no. Protected AAC files can only be played in iTunes, I believe.
>>
>> TjL
>
> I sorta thought so - Oh well, so much for my collection that sit on my Windows box...

It *might* be worth having a look at the hymn project http://hymn-project.org/ however i don't have an ipod or use iTunes so i haven't really looked at this past the front screen.

> --
> Best regards,
> Chris
>
> Complex problems have simple, easy-to-understand wrong answers.
iTunes server setup not going well
Hello all.

I'm trying to follow the instructions at http://home.introweb.nl/~dodger/itunesserver.html

Here's where I hit a snag:

After doing this, you can remove the mDNSResponder.shar file.

[did that]

...Now you'll have to download Rendezvous.tar.gz from Apple. Go to http://www.opensource.apple.com/projects/rendezvous/source/Rendezvous.tar.gz, register and download the file to the directory /usr/ports/distfiles.

[did that... I have downloaded Rendezvous.tar.gz and mDNSResponder-58.8.tar.gz to /usr/ports/distfiles/]

After doing this, go back to /usr/ports/net/rendezvous (if needed) and type: make install clean

BUT... but... there is no /usr/ports/net/rendezvous !

I thought maybe that I had to build mDNSResponder first, so I tried that:

    freebsd# cd /usr/ports/net/mDNSResponder/
    freebsd# make install clean
    === Vulnerability check disabled, database not found
    === Extracting for mDNSResponder-58.8
    = Checksum OK for mDNSResponder-58.8.tar.gz.
    = Checksum OK for mDNSdocs-1.0.tar.gz.
    === Patching for mDNSResponder-58.8
    === Applying FreeBSD patches for mDNSResponder-58.8
    4 out of 5 hunks failed--saving rejects to mDNSPosix/Makefile.rej
    = Patch patch-mDNSPosix::Makefile failed to apply cleanly.
    = Patch(es) patch-NetMonitor.c patch-Responder.c patch-mDNSCore::mDNSClientAPI.h applied cleanly.
    *** Error code 1

So this obviously isn't going well. Any ideas what I might be doing wrong?

Thanks

TjL
Re: iTunes server setup not going well
Timothy Luoma wrote:

> Hello all.
>
> I'm trying to follow the instructions at http://home.introweb.nl/~dodger/itunesserver.html
>
> Here's where I hit a snag:
>
> After doing this, you can remove the mDNSResponder.shar file.
>
> [did that]
>
> ...Now you'll have to download Rendezvous.tar.gz from Apple. Go to http://www.opensource.apple.com/projects/rendezvous/source/Rendezvous.tar.gz, register and download the file to the directory /usr/ports/distfiles.
>
> [did that... I have downloaded Rendezvous.tar.gz and mDNSResponder-58.8.tar.gz to /usr/ports/distfiles/]
>
> After doing this, go back to /usr/ports/net/rendezvous (if needed) and type: make install clean
>
> BUT... but... there is no /usr/ports/net/rendezvous !
>
> I thought maybe that I had to build mDNSResponder first, so I tried that:
>
> freebsd# cd /usr/ports/net/mDNSResponder/
> freebsd# make install clean
> === Vulnerability check disabled, database not found
> === Extracting for mDNSResponder-58.8
> = Checksum OK for mDNSResponder-58.8.tar.gz.
> = Checksum OK for mDNSdocs-1.0.tar.gz.
> === Patching for mDNSResponder-58.8
> === Applying FreeBSD patches for mDNSResponder-58.8
> 4 out of 5 hunks failed--saving rejects to mDNSPosix/Makefile.rej
> = Patch patch-mDNSPosix::Makefile failed to apply cleanly.
> = Patch(es) patch-NetMonitor.c patch-Responder.c patch-mDNSCore::mDNSClientAPI.h applied cleanly.
> *** Error code 1
>
> So this obviously isn't going well. Any ideas what I might be doing wrong?
>
> Thanks
>
> TjL

Somewhat related - is there a port that will play the files downloaded from ITunes?

--
Best regards,
Chris
Re: iTunes server setup not going well
On Dec 31, 2004, at 8:34 PM, Chris wrote:

> Somewhat related - is there a port that will play the files downloaded from ITunes?

I think the answer is no. Protected AAC files can only be played in iTunes, I believe.

TjL
Re: iTunes server setup not going well
Timothy Luoma wrote:

> On Dec 31, 2004, at 8:34 PM, Chris wrote:
>
>> Somewhat related - is there a port that will play the files downloaded from ITunes?
>
> I think the answer is no. Protected AAC files can only be played in iTunes, I believe.
>
> TjL

I sorta thought so - Oh well, so much for my collection that sit on my Windows box...

--
Best regards,
Chris

Complex problems have simple, easy-to-understand wrong answers.
Re: iTunes server setup not going well
> [did that... I have downloaded Rendezvous.tar.gz and mDNSResponder-58.8.tar.gz to /usr/ports/distfiles/]
>
> After doing this, go back to /usr/ports/net/rendezvous (if needed) and type: make install clean
>
> BUT... but... there is no /usr/ports/net/rendezvous !

ports/net/p5-Net-Rendezvous

> I thought maybe that I had to build mDNSResponder first, so I tried that:
>
> freebsd# cd /usr/ports/net/mDNSResponder/
> freebsd# make install clean
> === Vulnerability check disabled, database not found
> === Extracting for mDNSResponder-58.8
> = Checksum OK for mDNSResponder-58.8.tar.gz.
> = Checksum OK for mDNSdocs-1.0.tar.gz.
> === Patching for mDNSResponder-58.8
> === Applying FreeBSD patches for mDNSResponder-58.8
> 4 out of 5 hunks failed--saving rejects to mDNSPosix/Makefile.rej
> = Patch patch-mDNSPosix::Makefile failed to apply cleanly.
> = Patch(es) patch-NetMonitor.c patch-Responder.c patch-mDNSCore::mDNSClientAPI.h applied cleanly.
> *** Error code 1

Don't download it yourself, do make fetch, or just make install. Looks like you are downloading a different version than has been ported. If you want the port updated contact the maintainer.

> So this obviously isn't going well. Any ideas what I might be doing wrong?
>
> Thanks
>
> TjL
Re: iTunes server setup not going well
On Friday 31 December 2004 08:14 pm, Chris wrote:

> Timothy Luoma wrote:
>
>> On Dec 31, 2004, at 8:34 PM, Chris wrote:
>>
>>> Somewhat related - is there a port that will play the files downloaded from ITunes?
>>
>> I think the answer is no. Protected AAC files can only be played in iTunes, I believe.
>>
>> TjL
>
> I sorta thought so - Oh well, so much for my collection that sit on my Windows box...

I have no experience working with sound; but can you capture the music and reformat it if you feed it from your Windows sound card speaker jack into another computer's microphone or line-in port?

Andrew Gould
Re: iTunes server setup not going well
On Dec 31, 2004, at 10:09 PM, Andrew L. Gould wrote:

> On Friday 31 December 2004 08:14 pm, Chris wrote:
>
>> Timothy Luoma wrote:
>>
>>> On Dec 31, 2004, at 8:34 PM, Chris wrote:
>>>
>>>> Somewhat related - is there a port that will play the files downloaded from ITunes?
>>>
>>> I think the answer is no. Protected AAC files can only be played in iTunes, I believe.
>>>
>>> TjL
>>
>> I sorta thought so - Oh well, so much for my collection that sit on my Windows box...
>
> I have no experience working with sound; but can you capture the music and reformat it if you feed it from your Windows sound card speaker jack into another computer's microphone or line-in port?

If you want to talk about this, can you start another thread rather than taking this one over?
Re: iTunes server setup not going well
On Friday 31 December 2004 09:34 pm, Timothy Luoma wrote:

> On Dec 31, 2004, at 10:09 PM, Andrew L. Gould wrote:
>
>> On Friday 31 December 2004 08:14 pm, Chris wrote:
>>
>>> Timothy Luoma wrote:
>>>
>>>> On Dec 31, 2004, at 8:34 PM, Chris wrote:
>>>>
>>>>> Somewhat related - is there a port that will play the files downloaded from ITunes?
>>>>
>>>> I think the answer is no. Protected AAC files can only be played in iTunes, I believe.
>>>>
>>>> TjL
>>>
>>> I sorta thought so - Oh well, so much for my collection that sit on my Windows box...
>>
>> I have no experience working with sound; but can you capture the music and reformat it if you feed it from your Windows sound card speaker jack into another computer's microphone or line-in port?
>
> If you want to talk about this, can you start another thread rather than taking this one over?

It was meant more as a suggestion. No usurping intended.
Re: iTunes server setup not going well
Andrew L. Gould wrote:

> On Friday 31 December 2004 09:34 pm, Timothy Luoma wrote:
>
>> On Dec 31, 2004, at 10:09 PM, Andrew L. Gould wrote:
>>
>>> On Friday 31 December 2004 08:14 pm, Chris wrote:
>>>
>>>> Timothy Luoma wrote:
>>>>
>>>>> On Dec 31, 2004, at 8:34 PM, Chris wrote:
>>>>>
>>>>>> Somewhat related - is there a port that will play the files downloaded from ITunes?
>>>>>
>>>>> I think the answer is no. Protected AAC files can only be played in iTunes, I believe.
>>>>>
>>>>> TjL
>>>>
>>>> I sorta thought so - Oh well, so much for my collection that sit on my Windows box...
>>>
>>> I have no experience working with sound; but can you capture the music and reformat it if you feed it from your Windows sound card speaker jack into another computer's microphone or line-in port?
>>
>> If you want to talk about this, can you start another thread rather than taking this one over?
>
> It was meant more as a suggestion. No usurping intended.

I don't think anyone took it in a negative manner.

--
Best regards,
Chris

Speak softly and own a big, mean doberman.
Re: iTunes server setup not going well
On Dec 31, 2004, at 9:41 PM, jason henson wrote:

>> [did that... I have downloaded Rendezvous.tar.gz and mDNSResponder-58.8.tar.gz to /usr/ports/distfiles/]
>>
>> After doing this, go back to /usr/ports/net/rendezvous (if needed) and type: make install clean
>>
>> BUT... but... there is no /usr/ports/net/rendezvous !
>
> ports/net/p5-Net-Rendezvous

They're the same? I had seen that one but didn't realize it was the same.

>> I thought maybe that I had to build mDNSResponder first, so I tried that:
>>
>> freebsd# cd /usr/ports/net/mDNSResponder/
>> freebsd# make install clean
>> === Vulnerability check disabled, database not found
>> === Extracting for mDNSResponder-58.8
>> = Checksum OK for mDNSResponder-58.8.tar.gz.
>> = Checksum OK for mDNSdocs-1.0.tar.gz.
>> === Patching for mDNSResponder-58.8
>> === Applying FreeBSD patches for mDNSResponder-58.8
>> 4 out of 5 hunks failed--saving rejects to mDNSPosix/Makefile.rej
>> = Patch patch-mDNSPosix::Makefile failed to apply cleanly.
>> = Patch(es) patch-NetMonitor.c patch-Responder.c patch-mDNSCore::mDNSClientAPI.h applied cleanly.
>> *** Error code 1
>
> Don't download it yourself, do make fetch, or just make install. Looks like you are downloading a different version than has been ported. If you want the port updated contact the maintainer.

OK, I think I've got it working now.

Except that /usr/local/etc/rc.d/mDNSResponder.sh didn't exist

I copied /usr/ports/net/mDNSResponder/files/mDNSResponder.sh there, but it clearly expects to be automatically configured by the installation program.

    #!/bin/sh
    # PROVIDE: mDNSResponder
    # REQUIRE: NETWORKING
    # KEYWORD: FreeBSD
    . %%RC_SUBR%%
    name=mDNSResponder
    rcvar=`set_rcvar`
    command=%%PREFIX%%/sbin/mDNSResponder
    mDNSResponder_enable=${mDNSResponder_enable:-NO}
    mDNSResponder_flags=${mDNSResponder_flags:--b -n `/bin/hostname -s`}
    pidfile=/var/run/mDNSResponder.pid
    load_rc_config $name
    run_rc_command $1
    # end

There's no 'mDNSResponder' in any sbin folder, there is one in /usr/local/bin/mDNSResponder, so I tried changing that line to

    command=/usr/local/bin/mDNSResponder

but then I get

    set_rcvar: not found
    load_rc_config: not found
    run_rc_command: not found

I suspect that may have something to do with this line:

    . %%RC_SUBR%%

and I have no idea what that should be. So I Googled RC_SUBR mDNSResponder and came across http://lists.freebsd.org/pipermail/freebsd-ports/2004-September/015760.html which suggested I use

    . /usr/local/etc/rc.subr

which doesn't exist (maybe that's where it was for 4.x?) it is now at /etc/rc.subr so I used this:

    . /etc/rc.subr

so now I can run /usr/local/etc/rc.d/mDNSResponder.sh start without error

Does it work? Well, we'll have to wait until I get to the office and check.

TjL
Private (only) DNS server setup?
Guys,

I am trying to decrease the amount of traffic going through my cable modem. Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs ipf/ipnat for filtering, and acts as a dhcp server to the internal network. I also run ntpd, and have pointed all of my internal machines to the router for time services. I plan to add a caching web proxy, and a private DNS server - which is where my question comes in.

I want to run a private DNS server which is visible internally only. Comcast doesn't like servers, so I don't want to broadcast any DNS information upstream. (this would also be kind of dumb, as the entries would point to non-routable addresses) I also want to create a private, internal zone so that I can stop passing hosts files around. (i.e. 192.168.1.1 - internal_host1, etc)

IOW - I would like internal machines to point to my DNS server for internal and external addresses. If the DNS server (on the router) can't find the address in its local cache, I would like the router to retrieve the record, and pass it along to the internal machine. In the end, I want to block all DNS traffic from the internal network from leaving the network - internal machines should only request DNS info from the router.

I am already running dhcpd - so i plan to simply point all of the machines to my DNS server. If all goes well, new machines should be network ready right after the install.

I have seen a large number of HOWTO's on the web, but all seem to assume that you want to propagate internal DNS info back upstream. Can anyone refer me to an appropriate README, HOWTO?

Thanks,
Seth Henry
Private (only) DNS server setup?
Seth Henry writes:

> I have seen a large number of HOWTO's on the web, but all seem to assume that you want to propagate internal DNS info back upstream.

Install Bind 9. (It's now the default for 5.x, don't know about 4.x) In the ARM (/usr/share/doc/bind9/arm), read section 6.2.22.

Robert Huff
Re: Private (only) DNS server setup?
Hello,

Seth Henry wrote:

> I want to run a private DNS server which is visible internally only. Comcast doesn't like servers, so I don't want to broadcast any DNS information upstream. (this would also be kind of dumb, as the entries would point to non-routable addresses) I also want to create a private, internal zone so that I can stop passing hosts files around. (i.e. 192.168.1.1 - internal_host1, etc)
>
> IOW - I would like internal machines to point to my DNS server for internal and external addresses. If the DNS server (on the router) can't find the address in its local cache, I would like the router to retrieve the record, and pass it along to the internal machine. In the end, I want to block all DNS traffic from the internal network from leaving the network - internal machines should only request DNS info from the router.

I did exactly that recently. This is pretty easy to set up once you understand DNS - DNS *can* be complicated, but for what you want to do, it's simple. You can find info in the FreeBSD-Handbook as well as in the BIND v9 Administrator's Reference Manual (which can be found at www.bind9.net, also, it's installed locally along with BIND9).

> I am already running dhcpd - so i plan to simply point all of the machines to my DNS server. If all goes well, new machines should be network ready right after the install.

Works in my network. =) As I said, it's rather easy.

> I have seen a large number of HOWTO's on the web, but all seem to assume that you want to propagate internal DNS info back upstream. Can anyone refer me to an appropriate README, HOWTO?

See the FreeBSD handbook and the Bindv9 ARM for caching-only nameserver. Beyond that, you just need to set up an internal zone. If you feel it might be helpful, I can send you a copy of my configuration and zone file/s.

Kind regards,
Benjamin
Re: Private (only) DNS server setup?
On Tue, 19 Oct 2004, Seth Henry wrote:
> Guys, I am trying to decrease the amount of traffic going through my cable modem. Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs ipf/ipnat for filtering, and acts as a dhcp server to the internal network. I also run ntpd, and have pointed all of my internal machines to the router for time services. I plan to add a caching web proxy, and a private DNS server - which is where my question comes in.
>
> I want to run a private DNS server which is visible internally only. Comcast doesn't like servers, so I don't want to broadcast any DNS information upstream. (this would also be kind of dumb, as the entries would point to non-routable addresses)

Hi!

Hm, basically you set up BIND (or one of DNS daemons of your choice) and tell them to
a) take queries from clients and get the resolution stuff done
b) tell the named that he is primary server for certain domains, like foo.bar.homezone

a) is done automatically after named is started, that BIND is a caching nameserver, for easy you should put a forwarders clause in your named.conf so that BIND always tries to ask your provider's DNS first, will also help to reduce traffic.

b) Well, if you want to propagate DNS upstream or only on a local network is the same setup, when you have a primary DNS running- it's the same named.conf, where named is responsible for a certain zone.

As you are running a firewall, I assume that every port that is not needed to be visible from outer space is closed, so there is no problem with that. Or you could tell named to only listen on the internal interface, which is the technically correct solution.

All that stuff should be covered within the handbook, as pointed out, in my named.conf on a 4-stable the comments in the named.conf are also sufficient to create a primary DNS...

HTH
Olaf
--
Olaf Hoyer [EMAIL PROTECTED]
Terrible experiences make one wonder whether the one who experiences them is not something terrible.
(Nietzsche, Beyond Good and Evil)
Re: Private (only) DNS server setup?
The allow-recursion option would limit queries only to your lan. Like this:

    options {
        allow-recursion { 192.168.1.0/24; 127.0.0.1; };
    };

Olaf Hoyer wrote:
> On Tue, 19 Oct 2004, Seth Henry wrote:
> > Guys, I am trying to decrease the amount of traffic going through my cable modem. Presently, I have a FreeBSD 4.10 system acting as a gateway router. It runs ipf/ipnat for filtering, and acts as a dhcp server to the internal network. I also run ntpd, and have pointed all of my internal machines to the router for time services. I plan to add a caching web proxy, and a private DNS server - which is where my question comes in.
> >
> > I want to run a private DNS server which is visible internally only. Comcast doesn't like servers, so I don't want to broadcast any DNS information upstream. (this would also be kind of dumb, as the entries would point to non-routable addresses)
>
> Hi!
>
> Hm, basically you set up BIND (or one of DNS daemons of your choice) and tell them to
> a) take queries from clients and get the resolution stuff done
> b) tell the named that he is primary server for certain domains, like foo.bar.homezone
>
> a) is done automatically after named is started, that BIND is a caching nameserver, for easy you should put a forwarders clause in your named.conf so that BIND always tries to ask your provider's DNS first, will also help to reduce traffic.
>
> b) Well, if you want to propagate DNS upstream or only on a local network is the same setup, when you have a primary DNS running- it's the same named.conf, where named is responsible for a certain zone.
>
> As you are running a firewall, I assume that every port that is not needed to be visible from outer space is closed, so there is no problem with that. Or you could tell named to only listen on the internal interface, which is the technically correct solution.
>
> All that stuff should be covered within the handbook, as pointed out, in my named.conf on a 4-stable the comments in the named.conf are also sufficient to create a primary DNS...
>
> HTH
> Olaf

--
Ezequiel O. Block
Cooperativa La Lonja. Internet Support.
Buenos Aires, Argentina
F 02322-470406
T 02322-474537
E [EMAIL PROTECTED]
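The suggestions made in this thread (a caching server with a forwarders clause, listening only on the internal interface, allow-recursion limited to the LAN, and a primary zone for internal names) fit together in one BIND 9 named.conf, sketched below. This is an added example, not a configuration posted by anyone in the thread; the router address 192.168.1.1, the forwarder 192.0.2.53 (a documentation placeholder for the provider's resolver), the zone name and the file paths are assumptions.

```conf
// named.conf sketch for an internal-only caching resolver (BIND 9 syntax).
// All addresses, names and paths are assumed values for illustration.

acl "lan" { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/etc/namedb";

    // Bind only to loopback and the inside interface of the router, so
    // named never opens a socket on the cable-modem side.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // allow-recursion only limits recursive lookups. allow-query also
    // keeps outside hosts from reading the internal zones, in case the
    // listen-on restriction or the firewall rule is ever loosened.
    allow-query     { "lan"; };
    allow-recursion { "lan"; };

    // No secondaries exist, so refuse zone transfers outright.
    allow-transfer  { none; };

    // Ask the provider's resolver first and fall back to full recursion
    // if it does not answer. 192.0.2.53 is a placeholder address.
    forwarders { 192.0.2.53; };
    forward first;
};

// Primary (master) zone for internal names, replacing the hosts files.
zone "foo.bar.homezone" {
    type master;
    file "master/foo.bar.homezone.db";
};

// Matching reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.1.rev";
};
```

Running `named-checkconf` against the file catches syntax errors before named is restarted. Keeping client DNS traffic from leaving the network, as the original question asks, still needs a firewall rule on the router in addition to this fragment.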