tarballed
July 15th, 2003, 16:05
Hello everyone.
I am currnetly setting up one on of our mail servers to use Postifx..(i convinced them to let me use Postfix instead of sendmail!!:) )

Im using elmore's How-To for Postifx and so far it's great! (Thanks Elmore!).

Anyway, my question lies on some extra things that management wants me to implement in conjunction with this server.

The server is a beefy one: 2.8 Xeon CPU, 4 gigs RAM, 3 36 SCSI 320 drives, set in a RAID 5 array. It has a lot of horsepower.

The only thing that is going to run on this mail server is Postfix. This mail server will not be in our DMZ, but instead we are going to use, like I posted before, a forwarding mail server in the DMZ to send requests to this server.

With that in mind, would it be a bad idea to run djbdns on this server as well? It will only server requests to our internal LAN (but of course!).I know djbdns is much better than BIND, and comes highly recommended.

Any thoughts?

Thanks guys

Tarballed

bsdjunkie
July 15th, 2003, 16:09
I guess thats a question of how secure you feel your internal net is, and waht risks you have for doing it. Its definately good that it would be an internal DNS only, but imho, dns deserves its own box.

elmore
July 15th, 2003, 16:39
The box is beefy enough to handle both no question, Just like junkie said this is a matter of personal preference. Junkie likes to break DNS out. I'd prolly do both on the same box.

tarballed
July 15th, 2003, 17:01
Thanks guys. As far as how I feel about securing my network, I feel pretty good. There is always room for improvement though. :)

One thing I thought about doing was maybe creating a seperate partition and installing djbdns and running it on the partition, in a jail. I know djbdns is much better than BIND, but it is something I have considered. Anything I can do to make my machines more secure is worth the time and effort.

Other thing I wanted to ask about was configuring a mail forwarder on the DMZ. I read article on

http://www.linuxjournal.com/article.php?sid=4241

Briefly talks about how to configure a forwarder that is on the DMZ. However, I wanted to find more ways that I can secure the forwarded as well.

Anybody have suggestions or recommendations?

Thanks!

Tarballed

tarballed
July 15th, 2003, 18:12
Hey guys...back again. I have actually had some free time today to actually work on our mail servers. :)

Anyways, I went through elmores How-To and setup my mail server with some configs. (Still need to apply some of elmores goodies for junk and what not...).

I was wondering if there is any command that can be run to show what configs have been made for postfix? Something similar to testparm for samba. I wanted to get a good look of what I have configured.

Secondly, annyone have any recommended ways of testing my setup?
Since this is a brand, spanking new server, I will need to create users and such.

Any tips?

Tarballed

soup4you2
July 15th, 2003, 19:00
hmm

more /etc/postfix/main.cf

??

that will display your configs...lol

also telnet localhost 25
ehlo domain.com

shows some information also...

also if your going to go the dhbdns route i've got a howto stashed away on making it inside a jail if your interested...

tarballed
July 15th, 2003, 19:02
also if your going to go the dhbdns route i've got a howto stashed away on making it inside a jail if your interested...

Definitely! I could always use more documentation.

As far as the configs, I was trying to see if there was a way that could sort of 'sum up' what I have everything setup as. As it is now, I have all the notes inside my main.cf file that explains what each entry does. So I have to sift through everything to find what I have it set too...

Also, I wanted to setup spamassassin as well...trying to find a good setup to that as well.

Thanks though..keep it coming.

Tarballed

tarballed
July 15th, 2003, 19:06
Really quick. I was doing some testing, and it seemed to be working, some what. hehhe!

What does this mean:

End data with <CR><LF>.<CR><LF>


Tarballed

P.S. This is when I telnet to 25, do the helo ladladllad routine etc.

soup4you2
July 15th, 2003, 19:58
What does this mean:

End data with <CR><LF>.<CR><LF>



when your done w/ the message enter the period (.)
on a blank line..

as for the djbdns jail look in the top 10 link on my site it should be one of those..

tarballed
July 15th, 2003, 20:14
thanks soup...I appreciate it.

Im trying to power through this particular setup. At least for now, i'd like to have postfix setup as well as spamassassin.

I'd like to eventually incorporate minions how-to for a postfix setup. However, I need to configure a few more things. Specifically, spamassassin.

Anyone have a good link or a how-to for spamassassin. I'm feeling edgy here at work and its pissing me off. :evil: If possible, i'd like to get this thing mostly completed today.

Thanks guys. I appreciate your help.

Tar

soup4you2
July 15th, 2003, 20:42
i believe there's a howto in the howto section...

there's also a setup in my top 10 also.. which is basically minion's and elmore's howto's combined w/ a few addons i put in...

been workin on a new updated howto but been slacking lately..

tarballed
July 15th, 2003, 21:13
thanks soup...im edgy because I have so much to do and it's pissing me off. I know if i had an hour to work on this, I would be very close to finishing it up.

Also, I found this link from the spamassassin web site:

http://advosys.ca/papers/postfix-filtering.html

Been flipping through it. I'd like to do a couple of things with this mail server.

1) Make it as secure as possible
2) Obviously, get postfix up and running (so far so good...need to tweak it though)
3) install and test spamassassin (working on it...i'm overwhelmed right now hough)
4) Install a Anti-virus of some sort...maybe amavis?
5) Configure mailing lists (anyone suggestions on which kind to use?)

Anyway, my brain feels like mush and I feel like crap. But, I will feel much better once I get this thing completed.

I'll be posting here tomorrow for additional help once I am at work.

See everyone tomorrow.

T.

soup4you2
July 15th, 2003, 21:24
ok amavis is good.. i recommend the amavis-new port but amavis is not really a virus scanner it just relays mail to a currently installed virus scanner..

i would recommend setting up sophis or f-prot as your primary scanner and clamscan as a secondary..

tarballed
July 15th, 2003, 21:42
Hmm...have not heard of sophis. I've heard people mention f-prot, but don't know much about it.

As far as clamscan, is that clamav? I've seen that one and it looks pretty good.

Tomorrow im planning on hitting it very hard on postfix and spamasssin.
I'll chat with everyone tomorrow.

Tarballed

tarballed
July 16th, 2003, 16:15
A Follow up here.

Krusy was nice enough to give me this link last night in irc on setting up a linux server with postfix, spamassassin and a few other goodies. Here is the link:

http://www.geocities.com/scottlhenderson/spamfilter.html

I wanted to point out the first paragraph:

This Guide documents a step-by-step Red Hat Linux install using postfix,
amavisd-new, SpamAssassin, and Razor to create an anti-spam email
relay server (i.e., no local mail delivery on this box - all inbound mail is
simply directed through this system, and on to its final mail server. SPAM
is filtered out and directed to a specified mailbox somewhere which can
be reviewed for content, including for any "false postives"). This setup
gives the system administrator control over spam, removing the need for
end user interaction. All decisions on spam filtering are handled right
at this relay server, by YOU.

With that in mind, I wanted to ask a few quick questions. Our email server itself is pretty beefy. Lot of CPU RAM and space. But, I wanted to setup a mail relay in our DMZ to forward everything to our internal mail server.
What I wanted to ask is, do you guys think it would be best to put everything on the DMZ mail relay or, just setup a mail relay and then setup everything on the mail server itself? (I should mention that at this time, management wants the web server on the mail relay as well. :roll: )

Anyone care to comment on that?

Thanks guys.

Tarballed

tarballed
July 16th, 2003, 19:17
Ok...i've been busting my balls today on this thing. Its tough working as well when you are slightly hung over. Oops.

Anyway, I was doing some work with postfix today, trying to read up on it, configure it and so forth. I decided for now, that I will just setup a mail relay in the DMZ to forward emails to my internal mail server. I will then setup the mail server with postfix, spamassassin and all the other stuff.

I found the command I was looking for, to list what has been configured in postfix. It is: postfix -n :)

Here is my output.

[code:1:649189c20b]alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[localhost]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = ikickyourass.com
mydomain = ikickyourass.com
myhostname = corp.ikickyourass.com
mynetworks = 192.168.1.0/24
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-1.1.11/README_FILES
sample_directory = /usr/share/doc/postfix-1.1.11/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = corp.courtesymortgage.com ESMTP
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_unknown_hostname, reject_non_fqdn_hostname, reject_maps_rbl
transport_maps = hash:/etc/postfix/transport
[/code:1:649189c20b]

Some basic configs for now.

Anyone care to comment on what I have so far? I'm not finshed yet, but I want to make sure I have postifx up and running correctly, then do some spam stuff.

Thanks d00dS!

Tarballed

tarballed
July 17th, 2003, 16:24
Alright...so far, i've been figuring out and answering my own questions..heheh

Anyway, I decided to just make the mail relay a relay, nothing else for now. Then, im going to install and setup postfix, spamassassin, razor and possibly amavis-new.

There is a lot of crap in all of those above. Currently, I am juggling about 12 different things (no joke...im up to my neck in all sorts of stuff). So it gets frustrating when I start somthing, yet cannot finish it.

Anyways, I've been reading over quite a few docs and what not. I want to make sure that I set this up correctly and securely.

Secondly, anyone heard or used perl -MCPAN ?

I read a few documents that suggested using this particular method to install software and options.

BTW, where is everybody? :shock: hehe

Tarballed

bsdjunkie
July 17th, 2003, 16:56
Would love to help, but Mail servers are not my expertise by any means :P

As far as Perl, the MCPAN is NICE!! 8) its a great way to grab all the perl modules you want to play with like Net::Telnet, Net::FTP, etc....

Run

perl -MCPAN -e shell

the first time it will ask you some questions of where some programs are located on your system and get it all setup. The default should work for most of the stuff. After that you can use it to fetch and install the modules

at the cpan prompt you can type

install Net::Telnet

and it does so... =)
kinda like bsd ports.

tarballed
July 17th, 2003, 17:40
Ya...just chatted with elmore about perl MCPAN. Looks very very cool. I'd like to find more info on it.

Know of where I can find some pages for it? Reason I ask is that I ran a few installs with it and ran into some errors and such. I'd like to find out what the problem is.

Quick question on my postfix setup in regards to /etc/postfix/transport.

Since im setting up everything on my mail server, I should noto have to worry about transport correct? I will only need to setup the transport file on my mail relay correct?

Man. Postfix is very cool and very robust. I have yet to get into spamassassin. :)

Tarballed

tarballed
July 18th, 2003, 12:29
I'm back everyone!! After a hard day fighting with all sorts of crap, I finally got a chance to do some reading on a few documents.

As I continue my adventure in setting up a Postfix mail server with SA and possibly a scanner of some sort, i've been trying to find as much info as I can. I've read the how to's here and they have been very helpful.

I was curious if anyone has heard of this particular piece of software that can be used with Postfix and SA:

http://mailtools.anomy.net/

Also, I was curious if procmail was suggested part to implement as well.

Thanks d00ds. It should be a pretty busy day for me today, but I look forward to everyones input.

Tarballed