Re: [qmailtoaster] Re: Webmail SSL
Hi Eric, I will check , but I dont think I setup any VirtualHost in the http.conf Maybe I need to ?, but not sure why I would need any I will check when I get back in town on Monday madmac Are you using VirtualHost definitions in apache? If so, see http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts Will you post the mod_rewrite commands you were using that failed to do what you wanted? I might be able to see whatever the problem is. -- -Eric 'shubes' madmac wrote: I could not get any redirects to work on my qmail server: So I forced ssl, by that I mean I modified the http.conf to listen on 80, and 443 Made a defailt index.html for http, saying nothing here: you must go to https://servername.com/webmail Then sent a server wide email to the fact. I will be later forcing pop3s and imapds, but need baby stems for the users As there is only One admin ( me ) I always go to https://servername.com/qcontrol , just force of habit. For those that rememeber some of my previous emails, I created a new VM Image unsing Centos 5.4 ISO, I made it ( Hopefully ) ultra secure. Link to it from Jake`s site ,http://iso.qmailtoaster.com/ or if the link is still down, download direct from my server http://techyguru.com If there is a working solution to get the correct redirect working, I will add it to the VM Image and re-upload. Thanks All madmac - Original Message - *From:* Scott Hughes mailto:sonicscott9...@gmail.com *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com *Sent:* Friday, May 28, 2010 10:18 PM *Subject:* Re: [qmailtoaster] Re: Webmail SSL CJ, Yes, those two directives are doing what I need them to do. Thanks! Scott On May 28, 2010, at 11:12 PM, Maxwell Smart c...@yother.com mailto:c...@yother.com wrote: Scott, It sounds like you handle multiple domains, but only in a mail environment. In my case I have used the QMTISO as a base to my webservers. It has been an excellent base. You can put those in the httpd.conf file or as Eric suggested in a .conf file in your conf.d folder. /Also, I can still get to the webmail by using the standard 'www.SERVERNAME.net/webmail http://www.SERVERNAME.net/webmail'. In this case, it does go to the SSL page via the SSLREQUIRESSL and the 403 https://mail.SERVERNAME.net/ directives. / My personal preference would be to remove these aliases once you get the https sorted. Is it doing what you want (expect) now? @Eric. I'll check out that link and see if it applies to my situation. CJ On 05/28/2010 07:02 PM, Scott Hughes wrote: CJ, I don't use virtual hosts on this server. While this QMT server does handle several domains, I have everyone pointed to the main domain name to access their mail (webmail and mail clients). In addition to keeping all the settings the same, I can get away with only needing one SSL certificate instead of one for each domain. Where in httpd.conf would be the best place to put these directives with the setup I have? Scott On 5/28/10 8:51 PM, Maxwell Smart wrote: When you include SSLRequireSSL and it's not an SSL connection it will give an error 403, using the ErrorDocument 403 https://mail.servername.net include it will then redirect the page to the https page. On 05/28/2010 06:26 PM, Scott Hughes wrote: CJ, I'm not getting any 403 errors. Would this still apply? I'm just looking to make it so that when one of my users goes to mail.SERVERNAME.net http://mail.SERVERNAME.net' they get the SSL pages. Thanks, Scott On 5/28/10 6:50 PM, Maxwell Smart wrote: Add these two lines to the virtual server. SSLRequireSSL ErrorDocument 403 https://mail.servername.net There is a way to do a simple redirect, but I haven't played with it and can't seem to get it to work as desired. I am told it has to do with timeout. You set the META to timeout and redirect to the SSL site. It can be seamless too. I know the above works and I am sure there is not much to be gained using the latter configuration. On 05/28/2010 04:27 PM, Scott Hughes wrote: CJ / Eric, How does one set up a redirect so that people automatically go to the secure area? My SSL setup is working, but only if I go directly there (https://mail.SERVERNAME.net). If I just do 'mail.SERVERNAME.net, it goes to the non-secure page. My setup is as follows: I have a symlink in my /var/www/html directory called 'webmail' (the symlink points to the Squirrelmail directory). In my http.conf file, in the document_root section, I have it setup to go to /var/www/html/webmail. I do this so that my users can type in mail.SERVERNAME.net
Re: [qmailtoaster] Opinions Please
That looks interesting. Been thinking about this myself a lot lately (failover, not load balancing, especially for http). Being in hurricane alley I think about this this time every year. Not too worried about mail, as I just use smtp routes to point everything back to primary mail server(s). I use dnsmadeeasy's failover services for my must be up sites, but wondering.. I have a sneaky idea. Maybe. Might I be cheating a bit if I were to: Setup a couple of domains on dnsmadeeasy (or any service that does failover reliably), and add failover service to each. Add records for ns1, ns2, whatever to each. Setup a dns server on each machine (different geographical locations). Each dns server would be configured to point to it's own set of records (for that location) Setup failover for ns1, ns2, etc at failover dns service to rollover to the live dns server, thus effectively failovering all records for everything on the dns server. With hundreds of domains, this could save a lot of money paying for individual failover service. Does this make sense? Thoughts? Scott Hughes wrote: I am considering setting up a second QMT server using Jake's replicated server tutorial. These servers will be in two different cities for maximum redundancy. If I remember correctly, Jake mentioned setting up DNS round robin to balance the two QMT servers. My question is this: Is DNS better for load balancing, or would it be better to utilize a load balancing program like 'balance' (http://www.inlab.de/balance.html) ? Or does it really make a difference for this application. I would be balancing IMAP (993) / SMTP (25) / POP3 (110). Thanks, Scott - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] Opinions Please
If I follow you right, the biggest issue would be the TTL of the DNS records. If you're using ns1, and everything resolves to the addresses contained in it at location 1, then if failover occurs to ns2, and thus site 2, that would work for new requests for DNS information. But, cached information, which is usually at least an hour or more, would still try to resolve to the old IP's. If site 1 is down, then traffic bound for site 1 (Cached requests) would fail. I may not have understood what you were trying to say though.. Mike -Original Message- From: South Computers [mailto:i...@southcomputers.com] Sent: Sunday, May 30, 2010 11:17 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Opinions Please That looks interesting. Been thinking about this myself a lot lately (failover, not load balancing, especially for http). Being in hurricane alley I think about this this time every year. Not too worried about mail, as I just use smtp routes to point everything back to primary mail server(s). I use dnsmadeeasy's failover services for my must be up sites, but wondering.. I have a sneaky idea. Maybe. Might I be cheating a bit if I were to: Setup a couple of domains on dnsmadeeasy (or any service that does failover reliably), and add failover service to each. Add records for ns1, ns2, whatever to each. Setup a dns server on each machine (different geographical locations). Each dns server would be configured to point to it's own set of records (for that location) Setup failover for ns1, ns2, etc at failover dns service to rollover to the live dns server, thus effectively failovering all records for everything on the dns server. With hundreds of domains, this could save a lot of money paying for individual failover service. Does this make sense? Thoughts? Scott Hughes wrote: I am considering setting up a second QMT server using Jake's replicated server tutorial. These servers will be in two different cities for maximum redundancy. If I remember correctly, Jake mentioned setting up DNS round robin to balance the two QMT servers. My question is this: Is DNS better for load balancing, or would it be better to utilize a load balancing program like 'balance' (http://www.inlab.de/balance.html) ? Or does it really make a difference for this application. I would be balancing IMAP (993) / SMTP (25) / POP3 (110). Thanks, Scott - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Opinions Please
Thanks, Yes, that is always the problem with dns failover. But I have to say, it has worked extremely well with the paid service I use for the critical domains on a domain by domain basis. I think they just set the ttl very low. To keep it simple, what I'm thinking it that rather than pay for the service for hundreds of domains (I do a lot of affiliate marketing), maybe do it for the dns of the actual nameservers at the locations (both ns1 ns2), so IPs for them (my nameservers) would change on the fly as an outage occurs for both ns1 ns2. Naturally, both sets of nameservers would publish the IP addresses of the web servers for their own location only. Michael J. Colvin wrote: If I follow you right, the biggest issue would be the TTL of the DNS records. If you're using ns1, and everything resolves to the addresses contained in it at location 1, then if failover occurs to ns2, and thus site 2, that would work for new requests for DNS information. But, cached information, which is usually at least an hour or more, would still try to resolve to the old IP's. If site 1 is down, then traffic bound for site 1 (Cached requests) would fail. I may not have understood what you were trying to say though.. Mike -Original Message- From: South Computers [mailto:i...@southcomputers.com] Sent: Sunday, May 30, 2010 11:17 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Opinions Please That looks interesting. Been thinking about this myself a lot lately (failover, not load balancing, especially for http). Being in hurricane alley I think about this this time every year. Not too worried about mail, as I just use smtp routes to point everything back to primary mail server(s). I use dnsmadeeasy's failover services for my must be up sites, but wondering.. I have a sneaky idea. Maybe. Might I be cheating a bit if I were to: Setup a couple of domains on dnsmadeeasy (or any service that does failover reliably), and add failover service to each. Add records for ns1, ns2, whatever to each. Setup a dns server on each machine (different geographical locations). Each dns server would be configured to point to it's own set of records (for that location) Setup failover for ns1, ns2, etc at failover dns service to rollover to the live dns server, thus effectively failovering all records for everything on the dns server. With hundreds of domains, this could save a lot of money paying for individual failover service. Does this make sense? Thoughts? Scott Hughes wrote: I am considering setting up a second QMT server using Jake's replicated server tutorial. These servers will be in two different cities for maximum redundancy. If I remember correctly, Jake mentioned setting up DNS round robin to balance the two QMT servers. My question is this: Is DNS better for load balancing, or would it be better to utilize a load balancing program like 'balance' (http://www.inlab.de/balance.html) ? Or does it really make a difference for this application. I would be balancing IMAP (993) / SMTP (25) / POP3 (110). Thanks, Scott - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For