A Server (Almost) of Your Own
[usera@ws]$ telnet MY.VPS.IP.ADDRESS 25
Trying MY.VPS.IP.ADDRESS
Connected to MY.VPS.IP.ADDRESS.
Escape character is '^]'.
220 first.domain ESMTP
HELO example.com
250 first.domain
MAIL FROM: email@example.com
250 Ok
RCPT TO: firstname.lastname@example.org
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
This is a test
.
250 Ok: queued as MESSAGEID
QUIT
221 Bye
Connection closed by foreign host.
Use Listing 2 as a guide to run the following tests:
- Connect to port 25 of your VPS from an outside machine, such as your workstation. Verify that Postfix accepts messages for each e-mail address you intend to use. Then, make sure the right users are receiving the messages. See the following discussion for details.
- Connect again from the outside, and check that Postfix will refuse to relay mail to other systems. Use an e-mail account that you have on some other system as the destination, just in case. It is very important that your MTA refuse any relay requests from external machines. Otherwise, spammers will quickly discover that they can route their junk e-mails through your system.
- Using telnet from a shell prompt on your VPS itself, check that the MTA will relay mail to remote servers. Use your own e-mail account on some other system as the destination. Note that the remote MTA may refuse to accept the message, because your system is not live yet, so reverse DNS lookups will not yield the right result.
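The first two tests can be scripted so that they are repeated after every Postfix configuration change. The following is an added example, not code from the original article: it replays the HELO / MAIL FROM / RCPT TO part of the telnet session and stops before DATA, so nothing is queued. The recipient addresses, the function names and the injectable connect parameter are assumptions, and it has to run from a machine outside the VPS, as the tests above require.

```python
import smtplib

def verdict(code):
    """Classify the reply code the MTA gave to RCPT TO."""
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "deferred"   # temporary failure: inconclusive, test again later
    return "rejected"

def audit_rcpt(host, checks, port=25, sender="email@example.com",
               helo="example.com", connect=smtplib.SMTP):
    """For each (recipient, expected_verdict) pair, open a session, send
    HELO, MAIL FROM and RCPT TO, then reset the transaction before DATA.
    Returns one finding per recipient; "ok" is False on any mismatch."""
    findings = []
    for rcpt, expected in checks:
        with connect(host, port, timeout=10) as smtp:
            smtp.helo(helo)
            smtp.mail(sender)
            code, _ = smtp.rcpt(rcpt)
            smtp.rset()     # abandon the transaction, no message is sent
        got = verdict(code)
        findings.append({"rcpt": rcpt, "code": code,
                         "verdict": got, "ok": got == expected})
    return findings

def open_relay(findings, local_domains):
    """True if a recipient outside local_domains was accepted."""
    return any(f["verdict"] == "accepted"
               and f["rcpt"].rsplit("@", 1)[-1].lower() not in local_domains
               for f in findings)

if __name__ == "__main__":
    # Constructed addresses (assumptions): substitute your own mailboxes.
    checks = [("maila@first.domain", "accepted"),        # local user
              ("you@other-isp.example", "rejected")]     # must not relay
    results = audit_rcpt("MY.VPS.IP.ADDRESS", checks)
    for finding in results:
        print(finding)
    print("open relay:", open_relay(results, {"first.domain"}))
```

A "deferred" verdict (4xx) is reported as a mismatch rather than a pass, because a temporary failure does not prove that relaying is refused.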
You can verify that a user on the VPS has received mail with the mail command. Here is an example that checks the mail for maila:
[root@myvps ~]# mail -u maila
The mail command is a simple mail reader. Type h to view the received messages, then type the number of the message to view it. Press the spacebar to scroll through the message. You also can scroll through the message with the Enter key, but it will start viewing the next message after it gets to the end of the current one. You can type q to stop viewing a message. When you are not viewing a message, typing q will exit mail. The ? key brings up a help screen.
When everything is working as it should, tell your initialization scripts to launch Postfix automatically on system reboot:
[root@myvps ~]# chkconfig --add postfix
In this article, we discuss two methods for reading your mail. One is to download the mail to your workstation. The other is to leave it on the VPS and use a Web-based solution to view the messages through your browser. You can use both methods together.
The first approach requires the POP3 protocol, and the second needs IMAP. On Fedora, the simplest way to get both is to install Dovecot:
[root@myvps ~]# up2date --install dovecot
When the installation finishes, edit /etc/dovecot.conf. Find the protocols directive and replace it with the following. Do not delete the original line, but comment it out for future reference:
#protocols = imap imaps pop3 pop3s
protocols = pop3 imap
As a security precaution, configure both POP3 and IMAP to accept requests only from the VPS itself. Once again, do not delete the original code, but leave it commented out for future reference:
#imap_listen = [::]
imap_listen = [127.0.0.1]
#pop3_listen = [::]
pop3_listen = [127.0.0.1]
Start dovecot, and add it to your system's initialization scripts:
[root@myvps ~]# /etc/init.d/dovecot start
Starting Dovecot Imap: [ OK ]
[root@myvps ~]# chkconfig --level 345 dovecot on
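Once Dovecot is running, it is worth confirming that the listen directives took effect and that POP3 (110) and IMAP (143) are bound only to the loopback address. The following added example, which is not part of the original article, parses the output of netstat -tln or ss -ltn and reports the state of each port; the sample listing is constructed and models an IMAP listener left at the original [::] setting.

```python
def is_loopback(addr):
    """True for 127.0.0.0/8 and the IPv6 loopback address."""
    return addr.startswith("127.") or addr in ("::1", "[::1]")

def audit_listeners(listing, private_ports=(110, 143)):
    """Map each port that should stay private to 'loopback-only',
    'exposed' or 'not listening', based on `netstat -tln` or `ss -ltn`
    output (the local address is the fourth column in both)."""
    bound = {port: set() for port in private_ports}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or "LISTEN" not in fields:
            continue                      # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in bound:
            bound[int(port)].add(addr)
    report = {}
    for port, addrs in bound.items():
        if not addrs:
            report[port] = "not listening"
        elif all(is_loopback(a) for a in addrs):
            report[port] = "loopback-only"
        else:
            report[port] = "exposed"      # reachable from outside the VPS
    return report

# Constructed sample output: pop3_listen was changed, imap_listen was not.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 0.0.0.0:25         0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:110      0.0.0.0:*          LISTEN
tcp        0      0 :::143             :::*               LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
"""

if __name__ == "__main__":
    for port, state in sorted(audit_listeners(SAMPLE_NETSTAT).items()):
        print(port, state)
```

Port 25 is deliberately not in the private list, because Postfix has to accept inbound mail from the outside.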
We will be using SSH tunneling to read and send mail securely from your workstation. With SSH tunneling, you can temporarily map ports on the VPS to available ports on the workstation. All communication on the mapped ports takes place over an encrypted tunnel.
Give the following command on your workstation. Use your VPS's IP address if you did not add an entry for myvps in the /etc/hosts file on your workstation:
[usera@ws ~]$ ssh -Nf maila@myvps \
    -L 2525:localhost:25 -L 2110:localhost:110
The user maila must have shell access to the VPS. You will be prompted for maila's password.
This tunnel maps ports 25 and 110 on the VPS to ports 2525 and 2110 on the workstation, respectively. If you are already downloading your inbound mail using POP3 and sending your outbound mail through an ISP's mail server, you will require very few changes to your mail client's configuration.
Simply set your POP3 server as localhost with port 2110, and your outbound mail server to localhost with port 2525. You even can leave your outbound mail settings unchanged, unless you plan to cancel the account at the ISP whose mail server you are currently using. Here are specific instructions for two popular e-mail clients.
If you use Mozilla Thunderbird, select Account Settings... from the Edit menu. Add a new account by clicking the Add Account... button in the dialog box, and follow the prompts in the Account Wizard. After you create the new account, click on its Server Settings list item in the left pane to configure the POP3 server and port. Figure 1 shows the screenshot. Red-colored highlights indicate the most important parameters.
You also can configure Thunderbird's outgoing mail server from the same Account Settings dialog box. Click on Outgoing Server (SMTP) in the left pane of the dialog. Figure 2 shows the resulting screenshot. Remember to uncheck the Use name and password check box.
Another popular mail client is Mutt. A typical Mutt-based configuration uses Fetchmail to download the mail, Procmail to sort it into mailboxes and ssmtp to deliver the outbound mail. See Listing 3 for an example .fetchmailrc file and Listing 4 for an example ssmtp.conf file. Both use the SSH tunnel that we created earlier. Do not forget to change the code in Listing 3 to reflect your correct user names and passwords.