Loading ...
Sorry, an error occurred while loading the content.

Re: Mail server, what else?

Expand Messages
  • Scott Kitterman
    ... Distributors are often placed in the position of needing to support older releases than are supported by upstream. So no longer supported by upstream
    Message 1 of 17 , Jul 12, 2013
    • 0 Attachment
      On Friday, July 12, 2013 05:22:27 PM LuKreme wrote:
      > On 12 Jul 2013, at 17:15 , J Gao <jgao@...> wrote:
      > > I could use 2.10 but I thought this will be "safe" for CentOS 6.
      >
      > It might just be me, but I don't consider any software that is no longer
      > supported to be safe, especially not something as critically important as
      > an MTA.

      Distributors are often placed in the position of needing to support older
      releases than are supported by upstream. So no longer supported by upstream
      isn't the same as no longer supported. Personally, I don't get the
      RHEL/CentOS preference for ancient software, but that doesn't mean it's unsafe
      to use. The most important thing is knowing to go talk to your distributor if
      you have a problem in these cases because it's outside the window of what the
      upstream is paying attention to.

      Scott K
    • Craig R. Skinner
      ... Old. ... Dovecot instead of Courier? ... Look at mlmmj instead of Mailman - no web interface needed. http://mlmmj.org/docs/readme-postfix/ ... No Apache,
      Message 2 of 17 , Jul 13, 2013
      • 0 Attachment
        On 2013-07-12 Fri 11:55 AM |, J Gao wrote:
        >
        > Now I would like your advises on my system so I can improve it more.
        > - Postfix 2.6.6

        Old.

        > - Courier(Support virtual domain)

        Dovecot instead of Courier?

        > - Mailman maillist

        Look at mlmmj instead of Mailman - no web interface needed.
        http://mlmmj.org/docs/readme-postfix/

        >
        > I appreciate if you can give me advise so I can further improve my system.
        >

        No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
        text files, not do dynmaic stuff with root access to the whole box.
        Beware!!!!!

        IMAP (Thunderbird, Elm, KMail) is the way to go.
        https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system_support


        Greylisting of some sort http://en.wikipedia.org/wiki/Greylisting

        Cheers,
        --
        Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
      • lists@rhsoft.net
        ... in case of root access yes! but what has the protocol HTTP to do with the underlying application? that s a different layer and without whatever dynamic
        Message 3 of 17 , Jul 13, 2013
        • 0 Attachment
          Am 13.07.2013 20:11, schrieb Craig R. Skinner:
          >> I appreciate if you can give me advise so I can further improve my system.
          >
          > No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
          > text files, not do dynmaic stuff with root access to the whole box.
          > Beware!!!!!

          in case of root access yes!

          but what has the protocol HTTP to do with the underlying
          application? that's a different layer and without whatever
          dynamic language running on webservers you do not come very
          far and you would be negatively impressed if all web-apps
          you are using are down from one day to the next
        • Bastian Blank
          ... Enterprisey. Well. ... What for? If at all use nginx mit php-fpm and mariadb. ... Not longer supported here. Get a current version. ... Use Dovecot. ...
          Message 4 of 17 , Jul 13, 2013
          • 0 Attachment
            On Fri, Jul 12, 2013 at 11:55:00AM -0700, J Gao wrote:
            > Now I would like your advises on my system so I can improve it more.
            > Here is my mail server system:
            > - CentOS 6.4 64bit (SELinux disabled), iptables is in action.

            Enterprisey. Well.

            > - Apache, MySql, PHP

            What for? If at all use nginx mit php-fpm and mariadb.

            > - Postfix 2.6.6

            Not longer supported here. Get a current version.

            > - Courier(Support virtual domain)

            Use Dovecot.

            > - MailScanner with ClamAV and Spamassassin(with pyzor/rozor2/DCC)

            This _will_ eat your mail for breakfast. Use amavisd-new.

            > - Fail2ban (SSH, RoundCube, SASL)

            Self-DoS.

            > - SPF, OpenDKIM, DMARC

            Why?

            > - RoundCube webmail

            Not on the same machine.

            Bastian

            --
            Virtue is a relative term.
            -- Spock, "Friday's Child", stardate 3499.1
          • Craig R. Skinner
            ... OK then, shove every frigging thing down port 80 s throat. Why bother with Postfix, IMAP, ftp, ssh, ping, traceroute,.... Just have 1 port on the box that
            Message 5 of 17 , Jul 13, 2013
            • 0 Attachment
              On 2013-07-13 Sat 20:50 PM |, lists@... wrote:
              >
              > but what has the protocol HTTP to do with the underlying
              > application?
              >

              OK then, shove every frigging thing down port 80's throat.

              Why bother with Postfix, IMAP, ftp, ssh, ping, traceroute,....

              Just have 1 port on the box that does it all. Really?

              IMAP & POP were purpose designed for reading mail.

              SMTP was purpose designed for transfering it, simple.

              Use the right protocol (tool) for the job.

              Yes, you can carry large items of furniture on the roof of a bubble car.
              But diesel vans are better for that job as they're designed to carry the
              load. Bubble cars have a purpose, so do vans, trucks, ships,.... Don't
              get confused about what does what.

              The current trend to put everything on HTTP is foolishness.
              --
              Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
            • Peter
              ... That s brilliant, now you can t get support for it anywhere. You don t need to patch postfix to get quotas, dovecot 2 has a policy daemon that plugs right
              Message 6 of 17 , Jul 13, 2013
              • 0 Attachment
                On 07/13/2013 11:15 AM, J Gao wrote:
                > http://vault.centos.org/6.4/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
                >
                > And patched with quota patch.

                That's brilliant, now you can't get support for it anywhere.

                You don't need to patch postfix to get quotas, dovecot 2 has a policy
                daemon that plugs right into postfix for that now.

                Seriously, go to Dovecot and get a newer version of postfix. It is well
                worth it just to get postscreen support (which requires version 2.8 or
                higher), and you really don't need to be patching it.


                Peter
              • Kris Deugau
                ... Then what do you suggest for casual users who do not care to either bring along a single device everywhere they want to access their email, or (know how
                Message 7 of 17 , Jul 15, 2013
                • 0 Attachment
                  Craig R. Skinner wrote:
                  > No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
                  > text files, not do dynmaic stuff with root access to the whole box.
                  > Beware!!!!!
                  >
                  > IMAP (Thunderbird, Elm, KMail) is the way to go.
                  > https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system_support

                  Then what do you suggest for casual users who do not care to either
                  bring along a single device everywhere they want to access their email,
                  or (know how to) install a fullblown mail program on every device they
                  may access their mail from? (Including things like Internet cafe PCs...)

                  Webmail means at least they only have one mail client and one UI to
                  learn to read their mail.

                  -kgd
                • Craig R. Skinner
                  ... There are several Java IMAP email clients that can be wrapped in an applet or Java-webstart. These are downloaded from the website & then use IMAP/SMTP.
                  Message 8 of 17 , Jul 15, 2013
                  • 0 Attachment
                    On 2013-07-15 Mon 16:26 PM |, Kris Deugau wrote:
                    > Craig R. Skinner wrote:
                    > >No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
                    > >text files, not do dynmaic stuff with root access to the whole box.
                    > >Beware!!!!!
                    > >
                    > >IMAP (Thunderbird, Elm, KMail) is the way to go.
                    > >https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system_support
                    >
                    > Then what do you suggest for casual users who do not care to either
                    > bring along a single device everywhere they want to access their
                    > email, or (know how to) install a fullblown mail program on every
                    > device they may access their mail from? (Including things like
                    > Internet cafe PCs...)
                    >

                    There are several Java IMAP email clients that can be wrapped in an
                    applet or Java-webstart. These are downloaded from the website & then
                    use IMAP/SMTP.

                    >
                    > Webmail means at least they only have one mail client and one UI to
                    > learn to read their mail.
                    >

                    Put up some screen shots of how to use a mail client in your FAQ.

                    If the average web user can post photo albums on Fakebook, they've the
                    brains to use a mail client. Thunderbird even tries to autoconfigure
                    itself based on the the email address, setting the servers & ports.

                    It's more work up front to teach them, but its less work than explaining
                    your box got rooted via some stupid web app & all their personal details
                    are now at risk.

                    Dump stubborn users, they're not worth the support nightmare. (I worked
                    for years in an ISP's tech support dept - ON THE PHONE. Most people are
                    OK with a few screen shots & some help to get going.)

                    Cheers,
                    --
                    Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
                  • Joe
                    ... Fairly current postfix packages for RHEL are available from several sources - we ve been using postfix 2.8.8 on RHEL 6 here. Joe
                    Message 9 of 17 , Jul 16, 2013
                    • 0 Attachment
                      On 07/13/2013 02:35 PM, Peter wrote:
                      > On 07/13/2013 11:15 AM, J Gao wrote:
                      >> http://vault.centos.org/6.4/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
                      >>
                      >>
                      >> And patched with quota patch.
                      >
                      > That's brilliant, now you can't get support for it anywhere.
                      >
                      > You don't need to patch postfix to get quotas, dovecot 2 has a policy
                      > daemon that plugs right into postfix for that now.
                      >
                      > Seriously, go to Dovecot and get a newer version of postfix. It is
                      > well worth it just to get postscreen support (which requires version
                      > 2.8 or higher), and you really don't need to be patching it.

                      Fairly current postfix packages for RHEL are available from several
                      sources - we've been using postfix 2.8.8 on RHEL 6 here.

                      Joe
                    • Kirill Bychkov
                      Hi, 14.07.2013 0:17 пользователь Bastian Blank
                      Message 10 of 17 , Jul 16, 2013
                      • 0 Attachment

                        Hi,

                        14.07.2013 0:17 пользователь "Bastian Blank" <bastian+postfix-users=postfix.org@...> написал:

                        >
                        > On Fri, Jul 12, 2013 at 11:55:00AM -0700, J Gao wrote:
                        > > Now I would like your advises on my system so I can improve it more.
                        > > Here is my mail server system:
                        > > - CentOS 6.4 64bit (SELinux disabled), iptables is in action.
                        >
                        > Enterprisey. Well.
                        >
                        > > - Apache, MySql, PHP
                        >
                        > What for? If at all use nginx mit php-fpm and mariadb.
                        >
                        > > - Postfix 2.6.6
                        >
                        > Not longer supported here. Get a current version.
                        >
                        > > -                 Courier(Support virtual domain)
                        >
                        > Use Dovecot.
                        >
                        > > - MailScanner with ClamAV and Spamassassin(with pyzor/rozor2/DCC)
                        >
                        > This _will_ eat your mail for breakfast. Use amavisd-new.
                        >
                        > > - Fail2ban (SSH, RoundCube, SASL)
                        >
                        > Self-DoS.
                        What is Self-DoS? What does you mean?
                        >
                        > > - SPF, OpenDKIM, DMARC
                        >
                        > Why?
                        >
                        > > - RoundCube webmail
                        >
                        > Not on the same machine.
                        >
                        > Bastian
                        >
                        > --
                        > Virtue is a relative term.
                        >                 -- Spock, "Friday's Child", stardate 3499.1

                      • LuKreme
                        ... A self inflicted Denial of Service. sort of like when you ping flood yourselfà -- Can t seem to face up to the facts Tense and nervous and I can t relax
                        Message 11 of 17 , Jul 16, 2013
                        • 0 Attachment
                          On 16 Jul 2013, at 14:03 , Kirill Bychkov <kirill.bychkov@...> wrote:
                          > What is Self-DoS? What does you mean?

                          A self inflicted Denial of Service.

                          sort of like when you ping flood yourself…

                          --
                          Can't seem to face up to the facts
                          Tense and nervous and I can't relax
                          Can't sleep, bed's on fire
                          Don't touch me I'm a real live wire
                        Your message has been successfully submitted and would be delivered to recipients shortly.