Loading ...
Sorry, an error occurred while loading the content.

Re: Mail server, what else?

Expand Messages
  • Craig R. Skinner
    ... Old. ... Dovecot instead of Courier? ... Look at mlmmj instead of Mailman - no web interface needed. http://mlmmj.org/docs/readme-postfix/ ... No Apache,
    Message 1 of 17 , Jul 13, 2013
    • 0 Attachment
      On 2013-07-12 Fri 11:55 AM |, J Gao wrote:
      >
      > Now I would like your advises on my system so I can improve it more.
      > - Postfix 2.6.6

      Old.

      > - Courier(Support virtual domain)

      Dovecot instead of Courier?

      > - Mailman maillist

      Look at mlmmj instead of Mailman - no web interface needed.
      http://mlmmj.org/docs/readme-postfix/

      >
      > I appreciate if you can give me advise so I can further improve my system.
      >

      No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
      text files, not do dynmaic stuff with root access to the whole box.
      Beware!!!!!

      IMAP (Thunderbird, Elm, KMail) is the way to go.
      https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system_support


      Greylisting of some sort http://en.wikipedia.org/wiki/Greylisting

      Cheers,
      --
      Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
    • lists@rhsoft.net
      ... in case of root access yes! but what has the protocol HTTP to do with the underlying application? that s a different layer and without whatever dynamic
      Message 2 of 17 , Jul 13, 2013
      • 0 Attachment
        Am 13.07.2013 20:11, schrieb Craig R. Skinner:
        >> I appreciate if you can give me advise so I can further improve my system.
        >
        > No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
        > text files, not do dynmaic stuff with root access to the whole box.
        > Beware!!!!!

        in case of root access yes!

        but what has the protocol HTTP to do with the underlying
        application? that's a different layer and without whatever
        dynamic language running on webservers you do not come very
        far and you would be negatively impressed if all web-apps
        you are using are down from one day to the next
      • Bastian Blank
        ... Enterprisey. Well. ... What for? If at all use nginx mit php-fpm and mariadb. ... Not longer supported here. Get a current version. ... Use Dovecot. ...
        Message 3 of 17 , Jul 13, 2013
        • 0 Attachment
          On Fri, Jul 12, 2013 at 11:55:00AM -0700, J Gao wrote:
          > Now I would like your advises on my system so I can improve it more.
          > Here is my mail server system:
          > - CentOS 6.4 64bit (SELinux disabled), iptables is in action.

          Enterprisey. Well.

          > - Apache, MySql, PHP

          What for? If at all use nginx mit php-fpm and mariadb.

          > - Postfix 2.6.6

          Not longer supported here. Get a current version.

          > - Courier(Support virtual domain)

          Use Dovecot.

          > - MailScanner with ClamAV and Spamassassin(with pyzor/rozor2/DCC)

          This _will_ eat your mail for breakfast. Use amavisd-new.

          > - Fail2ban (SSH, RoundCube, SASL)

          Self-DoS.

          > - SPF, OpenDKIM, DMARC

          Why?

          > - RoundCube webmail

          Not on the same machine.

          Bastian

          --
          Virtue is a relative term.
          -- Spock, "Friday's Child", stardate 3499.1
        • Craig R. Skinner
          ... OK then, shove every frigging thing down port 80 s throat. Why bother with Postfix, IMAP, ftp, ssh, ping, traceroute,.... Just have 1 port on the box that
          Message 4 of 17 , Jul 13, 2013
          • 0 Attachment
            On 2013-07-13 Sat 20:50 PM |, lists@... wrote:
            >
            > but what has the protocol HTTP to do with the underlying
            > application?
            >

            OK then, shove every frigging thing down port 80's throat.

            Why bother with Postfix, IMAP, ftp, ssh, ping, traceroute,....

            Just have 1 port on the box that does it all. Really?

            IMAP & POP were purpose designed for reading mail.

            SMTP was purpose designed for transfering it, simple.

            Use the right protocol (tool) for the job.

            Yes, you can carry large items of furniture on the roof of a bubble car.
            But diesel vans are better for that job as they're designed to carry the
            load. Bubble cars have a purpose, so do vans, trucks, ships,.... Don't
            get confused about what does what.

            The current trend to put everything on HTTP is foolishness.
            --
            Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
          • Peter
            ... That s brilliant, now you can t get support for it anywhere. You don t need to patch postfix to get quotas, dovecot 2 has a policy daemon that plugs right
            Message 5 of 17 , Jul 13, 2013
            • 0 Attachment
              On 07/13/2013 11:15 AM, J Gao wrote:
              > http://vault.centos.org/6.4/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
              >
              > And patched with quota patch.

              That's brilliant, now you can't get support for it anywhere.

              You don't need to patch postfix to get quotas, dovecot 2 has a policy
              daemon that plugs right into postfix for that now.

              Seriously, go to Dovecot and get a newer version of postfix. It is well
              worth it just to get postscreen support (which requires version 2.8 or
              higher), and you really don't need to be patching it.


              Peter
            • Kris Deugau
              ... Then what do you suggest for casual users who do not care to either bring along a single device everywhere they want to access their email, or (know how
              Message 6 of 17 , Jul 15, 2013
              • 0 Attachment
                Craig R. Skinner wrote:
                > No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
                > text files, not do dynmaic stuff with root access to the whole box.
                > Beware!!!!!
                >
                > IMAP (Thunderbird, Elm, KMail) is the way to go.
                > https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system_support

                Then what do you suggest for casual users who do not care to either
                bring along a single device everywhere they want to access their email,
                or (know how to) install a fullblown mail program on every device they
                may access their mail from? (Including things like Internet cafe PCs...)

                Webmail means at least they only have one mail client and one UI to
                learn to read their mail.

                -kgd
              • Craig R. Skinner
                ... There are several Java IMAP email clients that can be wrapped in an applet or Java-webstart. These are downloaded from the website & then use IMAP/SMTP.
                Message 7 of 17 , Jul 15, 2013
                • 0 Attachment
                  On 2013-07-15 Mon 16:26 PM |, Kris Deugau wrote:
                  > Craig R. Skinner wrote:
                  > >No Apache, PHP or webmail. HTTP was designed to transfer hyperlinked
                  > >text files, not do dynmaic stuff with root access to the whole box.
                  > >Beware!!!!!
                  > >
                  > >IMAP (Thunderbird, Elm, KMail) is the way to go.
                  > >https://en.wikipedia.org/wiki/Comparison_of_email_clients#Operating_system_support
                  >
                  > Then what do you suggest for casual users who do not care to either
                  > bring along a single device everywhere they want to access their
                  > email, or (know how to) install a fullblown mail program on every
                  > device they may access their mail from? (Including things like
                  > Internet cafe PCs...)
                  >

                  There are several Java IMAP email clients that can be wrapped in an
                  applet or Java-webstart. These are downloaded from the website & then
                  use IMAP/SMTP.

                  >
                  > Webmail means at least they only have one mail client and one UI to
                  > learn to read their mail.
                  >

                  Put up some screen shots of how to use a mail client in your FAQ.

                  If the average web user can post photo albums on Fakebook, they've the
                  brains to use a mail client. Thunderbird even tries to autoconfigure
                  itself based on the the email address, setting the servers & ports.

                  It's more work up front to teach them, but its less work than explaining
                  your box got rooted via some stupid web app & all their personal details
                  are now at risk.

                  Dump stubborn users, they're not worth the support nightmare. (I worked
                  for years in an ISP's tech support dept - ON THE PHONE. Most people are
                  OK with a few screen shots & some help to get going.)

                  Cheers,
                  --
                  Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
                • Joe
                  ... Fairly current postfix packages for RHEL are available from several sources - we ve been using postfix 2.8.8 on RHEL 6 here. Joe
                  Message 8 of 17 , Jul 16, 2013
                  • 0 Attachment
                    On 07/13/2013 02:35 PM, Peter wrote:
                    > On 07/13/2013 11:15 AM, J Gao wrote:
                    >> http://vault.centos.org/6.4/os/Source/SPackages/postfix-2.6.6-2.2.el6_1.src.rpm
                    >>
                    >>
                    >> And patched with quota patch.
                    >
                    > That's brilliant, now you can't get support for it anywhere.
                    >
                    > You don't need to patch postfix to get quotas, dovecot 2 has a policy
                    > daemon that plugs right into postfix for that now.
                    >
                    > Seriously, go to Dovecot and get a newer version of postfix. It is
                    > well worth it just to get postscreen support (which requires version
                    > 2.8 or higher), and you really don't need to be patching it.

                    Fairly current postfix packages for RHEL are available from several
                    sources - we've been using postfix 2.8.8 on RHEL 6 here.

                    Joe
                  • Kirill Bychkov
                    Hi, 14.07.2013 0:17 пользователь Bastian Blank
                    Message 9 of 17 , Jul 16, 2013
                    • 0 Attachment

                      Hi,

                      14.07.2013 0:17 пользователь "Bastian Blank" <bastian+postfix-users=postfix.org@...> написал:

                      >
                      > On Fri, Jul 12, 2013 at 11:55:00AM -0700, J Gao wrote:
                      > > Now I would like your advises on my system so I can improve it more.
                      > > Here is my mail server system:
                      > > - CentOS 6.4 64bit (SELinux disabled), iptables is in action.
                      >
                      > Enterprisey. Well.
                      >
                      > > - Apache, MySql, PHP
                      >
                      > What for? If at all use nginx mit php-fpm and mariadb.
                      >
                      > > - Postfix 2.6.6
                      >
                      > Not longer supported here. Get a current version.
                      >
                      > > -                 Courier(Support virtual domain)
                      >
                      > Use Dovecot.
                      >
                      > > - MailScanner with ClamAV and Spamassassin(with pyzor/rozor2/DCC)
                      >
                      > This _will_ eat your mail for breakfast. Use amavisd-new.
                      >
                      > > - Fail2ban (SSH, RoundCube, SASL)
                      >
                      > Self-DoS.
                      What is Self-DoS? What does you mean?
                      >
                      > > - SPF, OpenDKIM, DMARC
                      >
                      > Why?
                      >
                      > > - RoundCube webmail
                      >
                      > Not on the same machine.
                      >
                      > Bastian
                      >
                      > --
                      > Virtue is a relative term.
                      >                 -- Spock, "Friday's Child", stardate 3499.1

                    • LuKreme
                      ... A self inflicted Denial of Service. sort of like when you ping flood yourselfà -- Can t seem to face up to the facts Tense and nervous and I can t relax
                      Message 10 of 17 , Jul 16, 2013
                      • 0 Attachment
                        On 16 Jul 2013, at 14:03 , Kirill Bychkov <kirill.bychkov@...> wrote:
                        > What is Self-DoS? What does you mean?

                        A self inflicted Denial of Service.

                        sort of like when you ping flood yourself…

                        --
                        Can't seem to face up to the facts
                        Tense and nervous and I can't relax
                        Can't sleep, bed's on fire
                        Don't touch me I'm a real live wire
                      Your message has been successfully submitted and would be delivered to recipients shortly.