Resources for “A Server (Almost) of Your Own”

Reading and Sending Mail

There are no substantial changes—only the dialog boxes may look slightly different in later versions of Mozilla Thunderbird. There is also a “Description” field in the SMTP server dialog, which you may leave blank.

If you are using the mutt-based solution described in the article, no modifications are required.

Web-based Mail

When configuring SquirrelMail, it is possible that the Web server is already running. In this case, starting it, as described in the article, will have no effect.

Try restarting the Web server instead, especially if you are having trouble opening SquirrelMail's pages in your browser:

/etc/init.d/httpd restart

You may use the restart command even if the server is not running. In this case, the attempt to stop the server will fail, but the subsequent start operation will proceed normally.

SSH Security

Extremely broad Internet sweeps that look for SSH access at many IP addresses seem to have become widespread in late 2004. Here are some insightful descriptions of the problem, and several solutions:

One relatively simple change that you can implement quickly is moving your SSH dæmon, sshd, to a nonstandard port. This measure—although weak from a theoretical security perspective—is currently very effective in deterring the generic SSH sweeps that do not specifically target your system.

Carefully perform the following steps, in the order given:

  1. Modify your firewall settings to permit access on a nonstandard port, such as 2222.

  2. Restart iptables: /etc/init.d/iptables restart.

  3. Add the directive “Port 2222” to /etc/ssh/sshd_config.

  4. Restart sshd: /etc/init.d/sshd restart. Do not log out from the server. If you are unable to carry out step 5 below, you may still be able to double-check the configuration and make changes from your original SSH session. Of course, your VPS hosting company should help if you completely lock yourself out.

  5. Open another terminal, and log in to your VPS with ssh -p 2222 root@MY.VPS.IP.ADDRESS. Note that from now on, you will always need to specify this nonstandard port number when you access your VPS using SSH. Alternatively, you can edit the .ssh/config file in your home directory, and configure the nonstandard port there—see the SSH documentation for details. You can create this file if it does not currently exist.

  6. Optional step. Modify your firewall settings again, and disable SSH access on port 22. If you are using system-config-securitylevel-tui, this is done by unchecking the “SSH” checkbox on the “Customize” screen.
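A pre-flight check for the procedure above, as an added example that is not part of the original article: it confirms that every port named in sshd_config is already accepted by the saved firewall rules before sshd is restarted. The function names, the iptables-save rules format (on Red Hat-style systems typically /etc/sysconfig/iptables, a path the page does not name) and the sample files are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the port move: every port sshd will listen on must
# already be accepted by the saved firewall rules before sshd is restarted.

# Print the ports named by Port directives in an sshd_config file.
# Keywords are case-insensitive; with no Port directive sshd listens on 22.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# Succeed if the rules file (iptables-save format) contains a TCP ACCEPT
# rule for destination port $2. The trailing space keeps 22 from matching 2222.
port_accepted() {
    grep -Eq -- "^-A .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Report each sshd port; return 0 only if all of them are accepted.
preflight() {
    rc=0
    for port in $(sshd_ports "$1"); do
        if port_accepted "$2" "$port"; then
            echo "ok: port $port is accepted in $2"
        else
            echo "LOCKOUT RISK: port $port is not accepted in $2"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not taken from a real server): sshd_config has
# already been edited (step 3), but the firewall still only opens port 22.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'Protocol 2' > "$demo_dir/sshd_config"
printf '%s\n' '*filter' \
    '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    'COMMIT' > "$demo_dir/iptables"

preflight "$demo_dir/sshd_config" "$demo_dir/iptables" ||
    echo "Do not restart sshd yet: finish steps 1 and 2 first."
```

On a server, run preflight against the real sshd_config and saved rules file between steps 3 and 4, from the session you intend to keep open.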

Additional Information

The Postfix home page, at www.postfix.org, has lots of information about the Postfix MTA. You can also read an excellent introduction to Postfix at www.onlamp.com/pub/a/bsd/2003/08/21/postfix.html. Note that this article covers an earlier version of the server, so there are some configuration differences from the current version.

Finally, Wikipedia has a brief but very insightful description of e-mail terminology, at en.wikipedia.org/wiki/Mail_transfer_agent.
