A Server (Almost) of Your Own
set postmaster "usera" set no bouncemail set no spambounce poll localhost with protocol POP3 and port 2110 and options no dns: user "maila" there is usera here and wants mda "/usr/bin/procmail -d %T" options fetchall password "MAILA'S VPS PASSWORD"
# The person who gets all mail for userids < 1000 # Make this empty to disable rewriting. root=postmaster # The place where the mail goes. The actual machine # name is required; no MX records are consulted. mailhub=localhost:2525 # The full hostname hostname=localhost # The "From" line sender address will override any # settings here. FromLineOverride=YES
Finally, note that you need to set up the SSH tunnel again every time you reboot your workstation. There are many ways to automate the process, but it is beyond the scope of this article to discuss them.
The Fedora Linux distribution provides a Web-based e-mail interface that requires very little work to configure. It is based on SquirrelMail and Apache. Web mail is an easy way to support Windows clients. It also does not require shell access on the VPS.
First, install SquirrelMail:
[root@myvps ~]# up2date --install squirrelmail
This process also installs several other packages that SquirrelMail requires. Next, enable secure https access by installing mod_ssl:
[root@myvps ~]# up2date --install mod_ssl
You must disable unsecure http access to SquirrelMail. Edit the file /etc/httpd/conf.d/squirrelmail.conf, and append the following lines:
<LocationMatch "/webmail"> SSLRequireSSL </LocationMatch>
Now, start the Apache Web server:
[root@myvps ~]# /etc/init.d/httpd start
Connect to https://MY.VPS.IP.ADDRESS/webmail. Your browser will warn you about the SSL certificate—just accept it permanently, and you will not be warned again. The only way to avoid this error altogether is to use a certificate signed by a recognized Certificate Authority (CA). The CA will need to verify your identity and also will charge an annual fee for signing the certificate.
After accepting the certificate, you should be able to log in as any of the mail users that you have created earlier. If a particular mail user—for example mailb—does not need shell access, disable it with the following command:
[root@myvps ~]# usermod -s /sbin/nologin mailb
Do not forget to add the Apache Web server to your startup environment:
[root@myvps ~]# chkconfig --level 345 httpd on
Your Web mail users should click on the Options link in the SquirrelMail interface and configure their account information. Otherwise, SquirrelMail will format their messages with something like firstname.lastname@example.org in the From field. This certainly will confuse anyone who receives such a message.
This article has covered one of the most difficult aspects of switching to a VPS account—setting up your e-mail. As you have seen, e-mail service is provided by a collection of several different programs working together. There are many other ways to configure this service. Unfortunately, it would require a lengthy book to describe and compare them all. This article tries to provide a simple solution with good security that a new VPS user can implement quickly.
Welcome to the world of VPS hosting—the server that is (almost) your own.
The author wishes to acknowledge Sean Reifschneider and Evelyn Mitchell of tummy.com, LTD., for generously providing a VPS account used to test the examples presented here, as well as their valuable comments on this article.
Resources for this article: /article/9380.
George Belotsky is a software architect who has done extensive work on high-performance Internet servers, as well as hard real-time and embedded systems. His technology interests include C++, Python and Linux. He is also the author of the Flightdeck-UI Open Source Project, which uses the ideas from aircraft instrumentation to implement computer user interfaces. You can reach George at email@example.com.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Qt Company's Qt Start-Up
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Humble Hacker?
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide