Resources for “A Server (Almost) of Your Own”

Reading and Sending Mail

There are no substantial changes—only the dialog boxes may look slightly different in later versions of Mozilla Thunderbird. There is also a “Description” field in the SMTP server dialog, which you may leave blank.

If you are using the mutt-based solution described in the article, no modifications are required.

Web-based Mail

When configuring SquirrelMail, it is possible that the Web server is already running. In this case, starting it, as described in the article, will have no effect.

Try restarting the Web server instead, especially if you are having trouble opening SquirrelMail's pages in your browser:

/etc/init.d/httpd restart

You may use the restart command even if the server is not running. In this case, the attempt to stop the server will fail, but the subsequent start operation will proceed normally.

SSH Security

Extremely broad Internet sweeps that look for SSH access at many IP addresses seem to have become widespread in late 2004. Here are some insightful descriptions of the problem, and several solutions:

One relatively simple change that you can implement quickly is moving your SSH dæmon, sshd, to a nonstandard port. This measure—although weak from a theoretical security perspective—is currently very effective in deterring the generic SSH sweeps that do not specifically target your system.

Carefully perform the following steps, in the order given:

  1. Modify your firewall settings to permit access on a nonstandard port, such as 2222.

  2. Restart iptables: /etc/init.d/iptables restart.

  3. Add the directive “Port 2222” to /etc/ssh/sshd_config.

  4. Restart sshd: /etc/init.d/sshd restart. Do not log out from the server. If you are unable to carry out step 5 below, you may still be able to double-check the configuration and make changes from your original SSH session. Of course, your VPS hosting company should help if you completely lock yourself out.

  5. Open another terminal, and log in to your VPS with ssh -p 2222 root@MY.VPS.IP.ADDRESS. Note that from now on, you will always need to specify this nonstandard port number when you access your VPS using SSH. Alternatively, you can edit the .ssh/config file in your home directory, and configure the nonstandard port there—see the SSH documentation for details. You can create this file if it does not currently exist.

  6. Optional step. Modify your firewall settings again, and disable SSH access on port 22. If you are using system-config-securitylevel-tui, this is done by unchecking the “SSH” checkbox on the “Customize” screen.
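
A pre-flight check for steps 1 to 4, as an added example that is not part of the original article: it confirms that sshd_config names the new port and that the firewall rules admit it before sshd is restarted. The function names, the iptables-save rule format and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before restarting sshd (step 4).
# Assumption: firewall rules are in iptables-save format, as in
# /etc/sysconfig/iptables on Red Hat-style systems (path not from the article).

# Print the ports sshd will listen on. Keywords are case-insensitive and
# commented-out lines are ignored; with no Port directive sshd defaults to 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then echo "$ports"; else echo 22; fi
}

# Succeed if the rules file has a TCP ACCEPT rule for destination port $2.
fw_allows() {
    grep -Eq -e "^-A .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# usage: preflight SSHD_CONFIG RULES_FILE PORT
# Returns 0 only if sshd is set to listen on PORT and the firewall admits it.
preflight() {
    sshd_ports "$1" | grep -qx -e "$3" ||
        { echo "sshd_config has no Port $3"; return 1; }
    fw_allows "$2" "$3" ||
        { echo "firewall does not permit tcp/$3"; return 2; }
    echo "ok: tcp/$3 is set in sshd_config and permitted by the firewall"
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#Port 22' 'Port 2222' 'Protocol 2' > "$demo/sshd_config"
rule='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport'
printf '%s\n' '*filter' "$rule 22 -j ACCEPT" \
    '-A RH-Firewall-1-INPUT -j REJECT' 'COMMIT' > "$demo/fw_before"
printf '%s\n' '*filter' "$rule 22 -j ACCEPT" "$rule 2222 -j ACCEPT" \
    '-A RH-Firewall-1-INPUT -j REJECT' 'COMMIT' > "$demo/fw_after"

# Firewall step skipped: restarting sshd now would leave the new port unreachable.
preflight "$demo/sshd_config" "$demo/fw_before" 2222 || echo "(exit $?)"
# Firewall updated first, as in steps 1 and 2: safe to restart sshd.
preflight "$demo/sshd_config" "$demo/fw_after" 2222 || echo "(exit $?)"
```

On a real server, pass the actual sshd_config and saved rules file instead of the sample files; the check does not replace keeping the original session open as step 4 advises.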

Additional Information

The Postfix home page, at www.postfix.org, has lots of information about the Postfix MTA. You can also read an excellent introduction to Postfix at www.onlamp.com/pub/a/bsd/2003/08/21/postfix.html. Note that this article covers an earlier version of the server, so there are some configuration differences from the current version.

Finally, Wikipedia has a brief but very insightful description of e-mail terminology, at en.wikipedia.org/wiki/Mail_transfer_agent.
