Friday, July 31. 2009
Installing OpenLDAP on Debian Lenny
Here are a few basic apt-get commands for the OpenLDAP installation. I have to look into how TLS is actually implemented and configured. Continue reading "Installing OpenLDAP on Debian Lenny" »
Installing Asterisk 1.6.2.0 beta3 on Debian Lenny 5.0.2
Debian package manager has the Asterisk v1.4 flavour as a package, but I wanted the latest to try out. Here is the work flow to get the basics in place: Continue reading "Installing Asterisk 1.6.2.0 beta3 on Debian..." »
Wednesday, July 29. 2009
A Singleton Per Thread
A while ago, I had written about singletons, and how there isn't something straight-forward in Boost. Recently, I've seen references to a couple of interesting messages regarding not only singletons, but how to get a singleton per thread. Continue reading "A Singleton Per Thread" »
Friday, July 24. 2009
Debian Lenny with Sendmail, Dovecot, MailScanner, SpamAssassin: Part 6
I've spent the last articles writing about getting an open source email server up and running. So far so good. My email logs show that a tremendous amount of spam is being blocked. One begins to wonder if there is any real email remaining any more.
During the building of this server, a number of web sites provided useful information for troubleshooting and for configuration. I'm listing them here for reference before I close them out.
- http://www.linuxweblog.com/blogs/sandip/20080206/sendmail-accessdb-example: provided useful explanations and examples of the interactions between the access database, the blacklist_recipients feature, the value part of the map, and how to use the delay_checks feature for negative or positive exception handling.
- ZEN Return Codes: The 127.0.0.x return codes. Basically, 127.0.0.2 is for direct UBE sources, spam services, and ROKSO spammers; 127.0.0.4-8 are for illegal 3rd party exploits, including proxies, worms and trojan exploits; and 127.0.0.10-11 are for non-MTA IP address ranges set by outbound mail policy.
- : a good description of the sendmail.mc file, its options, features, and ordering. It goes into some detail about special considerations of the VIRTUSER_DOMAIN_FILE. It also goes into uses and configuration examples of the access file.
- SPF Setup Wizard: I'm not sure if the Sender Policy Framework (SPF) is much in use, but this web site provides a wizard for its DNS record creation.
- Sendmail Readme for Configuration: The original source for configuring Sendmail.
- Linux Home Server HowTo: Sendmail: another article on how to build a full-fledged email server. One key command for ensuring you haven't configured an open relay through a series of 19 tests: 'telnet relay-test.mail-abuse.org'. When run from the mail server, the server at relay-test.mail-abuse.org will connect back to your server on port 25 and run the series of tests.
- sendmail.mc: this is the best organized and best documented sample sendmail.mc file I've ever seen.
- xabean's sendmail.mc: example sendmail.mc with native macros and a milter, with hotlinks to relevant sections in the Sendmail Readme file.
- Hugo van der Kooij's sendmail.mc: looks like he no longer runs sendmail, but here is his sendmail.mc with some native macros.
In some follow-up, I came across MailWatch, which is a web-based front-end to MailScanner written in PHP, MySQL and JpGraph and is available for free under the terms of the GNU Public License.
Sunday, July 19. 2009
Debian Lenny with Sendmail, Dovecot, MailScanner, SpamAssassin: Part 5
A couple of articles ago, I started with a Dovecot Installation. I managed to download, build, and get a rough installation. I also prepared a userid for the service. It was at that point in the Dovecot installation instructions where they started talking about certificates, and I side-tracked into Certificate Authorities and certificate installation.
In /etc/dovecot, I copied dovecot-example.conf to dovecot.conf. In dovecot.conf, I updated the following lines to get things started:
    protocols = imap imaps
    disable_plaintext_auth = no
    ssl = no
    mail_location = maildir:~/Maildir
    #mail_location = maildir:/%h/Maildir
    auth_debug_passwords = yes
Dovecot Wiki does a good job of explaining the installation process. In fact, the non-ssl installation process is quite painless, and consists mostly of testing the connection.
Once the basic configuration is tested, then enable the configuration for ssl, and restart Dovecot.
    disable_plaintext_auth = yes
    ssl = yes
    auth_debug_passwords = no
    # Same keys from the sendmail installation
    ssl_cert_file = /etc/ssl/private/mail.example.com.crt
    ssl_key_file = /etc/ssl/private/mail.example.com.key
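A small audit of the two configuration states above, as an added example that is not part of the original post: it parses dovecot.conf text and reports any of the three testing-only values from the first block that are still set. The function names and the two sample strings are constructed here; the parser reads only top-level settings and assumes the last assignment wins.

```python
import re

# Values the post sets only for first-run testing, and why each one should
# not survive into the SSL-enabled configuration.
TESTING_VALUES = {
    "disable_plaintext_auth": ("no", "plaintext logins accepted without TLS"),
    "ssl": ("no", "no IMAPS or STARTTLS"),
    "auth_debug_passwords": ("yes", "passwords written to the log"),
}
# Constructed samples: the post's first block, then the second block applied.
TESTING_CONF = """\
protocols = imap imaps
disable_plaintext_auth = no
ssl = no
mail_location = maildir:~/Maildir
#mail_location = maildir:/%h/Maildir
auth_debug_passwords = yes
"""
PRODUCTION_CONF = """\
protocols = imap imaps
disable_plaintext_auth = yes
ssl = yes
auth_debug_passwords = no
ssl_cert_file = /etc/ssl/private/mail.example.com.crt
ssl_key_file = /etc/ssl/private/mail.example.com.key
"""

def parse_conf(text):
    """Top-level 'key = value' settings; assumes the last assignment wins."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # blank line or comment
        if line.endswith("{"):
            depth += 1                     # entering a 'name { ... }' section
        elif line == "}":
            depth -= 1
        elif depth == 0 and (m := re.match(r"(\w+)\s*=\s*(.*)$", line)):
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(text):
    """Return [(setting, value, reason)] for testing values still present."""
    conf = parse_conf(text)
    return [(key, bad, why) for key, (bad, why) in TESTING_VALUES.items()
            if conf.get(key, "").lower() == bad]

if __name__ == "__main__":
    print(audit(TESTING_CONF), audit(PRODUCTION_CONF))
```

An absent line is not reported, since it falls back to Dovecot's built-in default, which this sketch does not judge.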
Start up an IMAP session with a Mail Client and try IMAP and IMAPS. Try sending email as well through the SMTP Sendmail connection with encryption. Tcpdump can be used to look at packets.
There is a Sample Dovecot init.d script which can be used to start, stop, and reload the service. The sample can be pasted verbatim into /etc/init.d/dovecot. Also do a 'chmod 755 /etc/init.d/dovecot'. Then '/etc/init.d/dovecot start'.
With a successful send and receive of email, that wraps up the rather lengthy configuration of a reasonably protected email solution encompassing Sendmail as an email transport mechanism, Dovecot as an IMAP/IMAPS service, and MailScanner with SpamAssassin/F-Prot for email scanning and protection.
Debian Lenny with Sendmail, Dovecot, MailScanner, SpamAssassin: Part 4
It has taken a series of articles to get Sendmail installed and working with authentication, inline encryption, and some inline DNSBL capabilities. In this article, I'll see if I can get MailScanner, SpamAssassin and a virus scanner up and running with Sendmail. Continue reading "Debian Lenny with Sendmail, Dovecot,..." »
Saturday, July 18. 2009
Testing HTTPS Connections with OpenSSL
To test what gets returned from port https (port 443) of a web server, connect with: Continue reading "Testing HTTPS Connections with OpenSSL" »
Friday, July 17. 2009
OpenSSL Server Certificates
To use the SSL/TLS verification and encryption features of OpenSSL based certificates for email, web, ldap, database and other similar solutions, certificates need to be created, signed, installed, and have a path to a valid certificate authority. Many people will do self-signed certificates just to get the verification and encryption capabilities for self-use. At the present time, it is possible to obtain a path to a free certificate authority. StartSSL provides free certificate signing to secure personal web sites, public forums or web mail. Continue reading "OpenSSL Server Certificates" »
Thursday, July 16. 2009
Certificate Authorities
In rebuilding my servers, many of the services--such as email, vpn, ldap, database, dns--make use of authentication and encryption protocols. Many of these make use of the OpenSSL Project for implementing Secure Sockets Layer
Monday, July 13. 2009
Debian Lenny with Sendmail, Dovecot, MailScanner, SpamAssassin: Part 3
In part two of this series, I started into the installation of the Dovecot IMAP service. The IMAP service can use validation and encryption through the use of SSL/TLS services. SSL/TLS services require the use of Certificates signed through a Certificate Authority. Many installation directions provide information for using the simple expedient of self-signed certificates. As some of these services I'm building are quasi-public, I wanted to go through the exercise of getting my certificates signed through a Certificate Authority. As such, I was side-tracked into doing some research to come up with two intermediate articles: Continue reading "Debian Lenny with Sendmail, Dovecot,..." »
Sunday, July 12. 2009
Debian Lenny with Sendmail, Dovecot, MailScanner, SpamAssassin: Part 2
Now that email is inbound and being stored, I need a mechanism for accessing it remotely. In the past I used courier-imap. Lately, the in-thing appears to be Dovecot. It appears to be fast, simple, and effective.
The Debian package repository is not really up-to-date, so I'll have to download the source and compile. The source is Dovecot v1.2.1. I usually put it into /usr/src and 'tar -zxvf ' it to expand the source. For configuring and compiling, I used:
    ./configure \
      --sysconfdir=/etc/dovecot \
      --with-storages=maildir \
      --localstatedir=/var/local/dovecot \
      --with-rundir=/var/local/dovecot/run \
      --with-statedir=/var/local/dovecot/state \
      --with-pam
    make
    make install
A user dovecot needs to be added with 'useradd -r dovecot'.
Debian Lenny with Sendmail, Dovecot, MailScanner, SpamAssassin: Part 1
I am in the process of migrating and updating my email server to something bigger-better-faster. Last time I built an email server was a number of years ago on a Redhat system. Things have changed since then. During my re-learning process, here are some notes I've made on getting Sendmail and related processes on to a Debian Lenny system. Continue reading "Debian Lenny with Sendmail, Dovecot,..." »