Resources for “A Server (Almost) of Your Own”

Reading and Sending Mail

There are no substantial changes—only the dialog boxes may look slightly different in later versions of Mozilla Thunderbird. There is also a “Description” field in the SMTP server dialog, which you may leave blank.

If you are using the mutt-based solution described in the article, no modifications are required.

Web-based Mail

When configuring SquirrelMail, it is possible that the Web server is already running. In this case, starting it, as described in the article, will have no effect.

Try restarting the Web server instead, especially if you are having trouble opening SquirrelMail's pages in your browser:

/etc/init.d/httpd restart

You may use the restart command even if the server is not running. In this case, the attempt to stop the server will fail, but the subsequent start operation will proceed normally.

SSH Security

Extremely broad Internet sweeps that look for SSH access at many IP addresses seem to have become widespread in late 2004. Here are some insightful descriptions of the problem, and several solutions:

One relatively simple change that you can implement quickly is moving your SSH dæmon, sshd, to a nonstandard port. This measure—although weak from a theoretical security perspective—is currently very effective in deterring the generic SSH sweeps that do not specifically target your system.

Carefully perform the following steps, in the order given:

  1. Modify your firewall settings to permit access on a nonstandard port, such as 2222.

  2. Restart iptables: /etc/init.d/iptables restart.

  3. Add the directive “Port 2222” to /etc/ssh/sshd_config.

  4. Restart sshd: /etc/init.d/sshd restart. Do not log out from the server. If you are unable to carry out step 5 below, you may still be able to double-check the configuration and make changes from your original SSH session. Of course, your VPS hosting company should help if you completely lock yourself out.

  5. Open another terminal, and log in to your VPS with ssh -p 2222 root@MY.VPS.IP.ADDRESS. Note that from now on, you will always need to specify this nonstandard port number when you access your VPS using SSH. Alternatively, you can edit the .ssh/config file in your home directory, and configure the nonstandard port there—see the SSH documentation for details. You can create this file if it does not currently exist.

  6. Optional step. Modify your firewall settings again, and disable SSH access on port 22. If you are using system-config-securitylevel-tui, this is done by unchecking the “SSH” checkbox on the “Customize” screen.
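The lockout risk in this procedure comes from restarting sshd on a port that the firewall does not yet accept. The pre-flight check below is an added example, not part of the original article; it assumes the firewall rules are saved in iptables-save format (on Red Hat-style systems typically /etc/sysconfig/iptables), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: run before "/etc/init.d/sshd restart" (step 4).
# Assumption: rules file is in iptables-save format; names are hypothetical.

# Print every port sshd will listen on; the default is 22 when the
# config has no active (uncommented) Port directive.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    [ -n "$ports" ] && echo "$ports" || echo 22
}

# Succeed if the rules file ($1) has an ACCEPT rule for TCP port $2.
# The "( |$)" guard keeps port 2222 from matching a rule for 22222.
fw_allows() {
    grep -E -- "^-A .*-p tcp .*--dport $2( |\$).*-j ACCEPT" "$1" >/dev/null
}

# Compare each sshd port with the firewall; non-zero means a lockout risk.
# $1 = sshd_config path, $2 = saved iptables rules path.
preflight() {
    rc=0
    for p in $(sshd_ports "$1"); do
        if fw_allows "$2" "$p"; then
            echo "ok: port $p is accepted by the firewall"
        else
            echo "LOCKOUT RISK: no ACCEPT rule for sshd port $p in $2"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input (not from a real server): sshd was moved to
# port 2222, but the firewall still only permits port 22.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin yes' \
    > "$demo_dir/sshd_config"
printf '%s\n' '*filter' \
    '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    'COMMIT' > "$demo_dir/iptables"

preflight "$demo_dir/sshd_config" "$demo_dir/iptables" ||
    echo "Complete steps 1 and 2 before restarting sshd."
```

On the server itself, `sshd -t` additionally checks sshd_config for syntax errors before the restart.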

Additional Information

The Postfix home page, at www.postfix.org, has lots of information about the Postfix MTA. You can also read an excellent introduction to Postfix at www.onlamp.com/pub/a/bsd/2003/08/21/postfix.html. Note that this article covers an earlier version of the server, so there are some configuration differences from the current version.

Finally, Wikipedia has a brief but very insightful description of e-mail terminology, at en.wikipedia.org/wiki/Mail_transfer_agent.
