Great!


I agree. I've only made a couple of exceptions so far: webmin and phpMyAdmin are installed from source (easy though). And the Apache/MySQL/PHP-related packages come from http://dotdeb.org's .deb repository which gets updates as well, but they're not official.

I'd prefer the stable packages rather than dotdeb, if stable is debugged/secure enough. What do you think?

I'm nixing qmail, actually, though I haven't updated the tutorial. I'm looking at a Postfix solution instead. I have been reviewing a few different tutorials to try to find a Debian-stable solution, and I am leaning toward something like this one (which is part of the install docs for PHPMyWebHosting). I think it might work well, and it uses standard packages.


Well, whatever. Hey, I'm open to other ideas.

Update:

I've been searching around for a good virtual mail howto that is simple to set up. No dice. The one I mentioned above is fairly complicated, and none of the howtos I saw using Postfix+Courier+MySQL talked about how to use the system once it's in place. Go figure.

So I'm on the fence between qmail+vmailmgr and Postfix+etc. Vmailmgr has a command-line interface which would work well for me, but it's not part of the Debian distribution.

Sorry for the late reply, just returned from a week's holiday in Scotland. I've forgotten how nice a holiday can be highly recommended !



I just finished installing a plain Debian server at home. I'll use it to make my guide better, also utilising information in yours.

I just updated my guide to reflect this, also have started to incorporate some bits and pieces from your guide.




Agree, I'd prefer that as well.




Thanks for the info, I'll use it when installing Postfix in this test server.




I noticed that too.... well, it seems that our guide will be filling a lot of holes once finished.




Fortunately, we have quite supportive Postfix community in Indonesia - so fingers crossed, I'll be able to set it up for virtual mail.

I'll keep you posted.



cheers,
Harry

Yes, I'll be on holiday soon myself (Maine here in the US), which is a good thing. I will hopefully go before I lose it and yell at my boss' boss. It's been one of those months.

-> -> -> -> ->

In any case, I'm glad to let someone else piece through the Postfix virtual mail puzzle - it's gives me a headache. <g>

What I'm hoping to generate is a secure virtual mailhosting setup with IMAP support, where the domain & mailuser can be configured via mySQL. (Kind of like using the mysql-include module for Apache.) Add a domain and mail users to the DB, restart the appropriate services (if necessary), and voila. That's my hope anyway.

Since there seem to be so many manual changes that need to be made to support it, perhaps we can put together something like this tutorial for qmail on Debian, but for Postfix:

http://www.qmailrocks.org/install_db.htm

They make the process simpler by scripting many of the manual changes.

Let me know what you think.

ged

Hi Ged,

Sorry, been busy with life & office in the past few weeks - anyway, looks like someone has beat us to it :

http://www.workaround.org/articles/ispmail/

I'm gonna give it a try as soon as possible, then I'll let you know.


cheers,
Harry

A few updates:
# A bit extra information on how to avoid logcheck from sending huge report to you (hint: specify entries that can be safely ignored)
# Firehol config updated- example to blacklist IP addresses (useful in case of DoS/DDoS), avoiding dhclient from filling logs with junk
# Information to setup postfix ala ISPs (database-based virtual domain, anti-virus/spam, webmail, etc)

http://www.harrysufehmi.com/phpwiki/index.php/SettingUpLinuxServer


cheers,
Harry

Ok, I'm ignoring it -- but Firehol does say specifically: "FireHOL requires this command for its operation".

And in http://www.harrysufehmi.com/phpwiki/ind ... r#firewall
(just above http://www.harrysufehmi.com/phpwiki/ind ... rhardening ) we read "If you see that your 7-lines firehol.conf becomes 150-lines of iptables commands, ..."
That hasn't happened!

How do we know if Firehol is working or not?

Try accessing the ports of the server which has been blocked by Firehol, see if it's REALLY blocked.

btw; wow, an ancient thread

or:

sudo firehol status

will produce the output of /sbin/iptables -nxvL | /usr/bin/pager.

Cliff

Right now any command (eg: start, stop, explain, debug, status, helpme) to firehol.sh generates this message:



Output from /sbin/iptables -nxvL is


I don't think firehol is working yet.

Hi,

You are right -- firehol did not create a firewall (iptables).

To resolve this you can either hack on firehol (so it doesn't require lsmod as a dependency) or you can install /bin/lsmod.

Debian:

apt-get install module-init-tools

Even though we can't use kernel modules on a Linode, having that package installed causes no harm.

Another thing you might want to do to appease firehol's environment checks, is this (as root):

mkdir /usr/src/linux-fake
ln -s /usr/src/linux-fake /usr/src/linux
zcat /proc/config.gz > /usr/src/linux/.config

That will kill the warning message firehol exudes when it can't find the non-existent kconfig file.


Cliff

Forever in your debt c1i77 ...

So that is what I did and all I had to do!

I haven't looked at iptables closely yet, but output from /sbin/iptables -nxvL | wc -l is 223 lines.

Attempted connections to rejected ports get closed immediately, so I guess firehol is now set up.

Thanks++

It would appear the wiki pages mentioned through out this thread all no longer work, anyone know where they moved too.

Thanks

thank you for bumping a 4 year old thread. No, most likely not.

Purana, might I suggest:
http://www.howtoforge.com/perfect_setup_debian_etch

It's a good tutorial for the initial setup, there are also howto's for other apps afterward, good luck.

404