A Server (Almost) of Your Own
There have been many automated attacks against SSH. At the very least, you must use strong passwords, or your system will be compromised. The apg utility simplifies this task. It generates random, non-dictionary “words” that you can pronounce. There are apg packages for most popular Linux distributions.
Make sure to look in the on-line Resources for this article for more information. SSH security is not specific to the VPS environment—it is also an important issue in standard virtual hosting. With a VPS, however, you do have the flexibility to protect yourself properly. The resources page is at /article/9380.
The mail server, also known as the Mail Transfer Agent (MTA), is a program that delivers and receives e-mail messages. The MTA will receive all the mail that others send you. Likewise, any messages you send to others will leave your VPS through the MTA.
The default MTA on your VPS is Sendmail. This sophisticated, powerful program has advantages for complex e-mail configurations. Unfortunately, it also is difficult to configure and tends to have a lot of security problems.
Therefore, we replace Sendmail with Postfix. Postfix is efficient, very secure and, most important, easy to configure. Before proceeding with the installation, shut down Sendmail, and make sure that it will not start again on reboot. Then, install Postfix:
[root@myvps ~]# /etc/init.d/sendmail stop Shutting down sendmail: [ OK ] Shutting down sm-client: [ OK ] [root@myvps ~]# chkconfig --del sendmail [root@myvps ~]# up2date --install postfix
Note that using the up2date command to install packages is specific to Red Hat and related distributions. You may be presented with a configuration screen the first time that you run up2date. You can simply press Enter to accept the default values. In addition, up2date is sometimes very slow and can even fail for transient reasons. You can try the command again if it does not work the first time.
The main Postfix configuration file is /etc/postfix/main.cf. Save a copy of this file to read later, because it contains many helpful comments. Then, replace /etc/postfix/main.cf with the code from Listing 1. You should modify your new main.cf to specify the domain names that you will be hosting on your VPS.
# Example "main.cf" file for Postfix on a VPS. # # Note that lines that begin with whitespace # continue the previous line. # # LOCAL PATHNAME INFORMATION queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix # QUEUE AND PROCESS OWNERSHIP mail_owner = postfix # Host name is usually the domain name on a VPS. myhostname = first.domain mydomain = first.domain # Where locally-posted mail will come from. myorigin = $myhostname # Listen on all interfaces. inet_interfaces = all # This server is the final destination for these domains. mydestination = localhost, localhost.localdomain, $myhostname, localhost.$mydomain, $mydomain, second.domain # IMPORTANT -- accept mail for relaying ONLY from # the local machine. mynetworks_style = host # Where your aliases are. alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases # This user should receive any mail whose recipient # could not otherwise be matched. luser_relay = email@example.com # IMPORTANT -- local recipient checking must be # turned off for the "luser_relay" directive to # work. local_recipient_maps = # Error code to reject mail with when the local # recipient is not known. unknown_local_recipient_reject_code = 550 # Your server's greeting banner. IMPORTANT -- it # MUST start with your server's hostname, and the # reverse DNS lookup on the server's IP address MUST # match this hostname, or your outgoing mail could # be rejected as SPAM. smtpd_banner = $myhostname ESMTP # See the "main.cf" that came with your Postfix # distribution for discussion on the rest of the # directives in this file. debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.1.5/samples readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
Replace all occurrences of first.domain in Listing 1 with your own fully qualified domain name, such as openlight.com. The reverse DNS lookup of your VPS's IP address must return this domain! Otherwise, your outbound messages may be rejected as spam.
If you are hosting an additional domain name, substitute it instead of the second.domain entry. Otherwise, delete second.domain before using Listing 1. If you wish, you can also, replace maila in Listing 1 with the user name of your choice.
Now, append an entry to the /etc/aliases file to specify the user who will receive root's mail. Here is an example:
Next, create accounts for the other e-mail users. Append any aliases for these users to /etc/aliases. The following example entry will cause user mailb to receive all messages sent to firstname.lastname@example.org:
Note that if you have an additional domain name, messages to email@example.com will also go to mailb. For a small organization, this is probably the right default behavior, because all domain names that you will be hosting are almost certainly related. For example, if you are hosting an additional domain for your product, then tech-support questions about the product should likely go to the same person, regardless of which domain name appears in the e-mail address.
When you are finished, update the alias database file, and start Postfix:
[root@myvps ~]# postalias /etc/aliases [root@myvps ~]# /etc/init.d/postfix start Starting postfix: [ OK ]
Check the log file /var/log/maillog for any errors.
You can update the aliases file even while Postfix is running, just run postalias /etc/aliases again when you are finished.
You should now verify that Postfix is doing what you expect. Connect to port 25 on your VPS using telnet, as shown in Listing 2. Enter just the text highlighted in bold—the rest of the text is the system's responses. Of course, you should type the IP address of your VPS in place of MY.VPS.IP.ADDRESS, and your actual domain name instead of first.domain.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Profiles and RC Files
- Astronomy for KDE
- Maru OS Brings Debian to Your Phone
- Understanding Ceph and Its Place in the Market
- Snappy Moves to New Platforms
- Git 2.9 Released
- What's Our Next Fight?
- OpenSwitch Finds a New Home
- The Giant Zero, Part 0.x
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide