[Newbie] Howto setup mailserver?? - BSD

This is a discussion on [Newbie] Howto setup mailserver?? - BSD ; I've just started to setup a OpenBSD server on an old laptop. I want to use it as webserver and as mailserver. I already managed to setup a webserver with MySQL and PHP, and can reach it from the internet ...

+ Reply to Thread
Results 1 to 17 of 17

Thread: [Newbie] Howto setup mailserver??

  1. [Newbie] Howto setup mailserver??

    I've just started to setup a OpenBSD server on an old laptop. I want to use
    it as webserver and as mailserver. I already managed to setup a webserver
    with MySQL and PHP, and can reach it from the internet (with help of the
    services from www.dyndns.org ). Now I want to setup my own mailserver
    with spamfilter (and where my three PC's can get there mail from (via
    Outlook). I've read that Sendmail is better not used because of security
    issues. I've read that there are other progams like Postfix and qmail (and
    proberly many others). My questions:
    - which program's best to use?
    - are there some good howto's on the web for those program's?

    Thanks in advance.

    Greetings,
    Adrie



  2. Re: [Newbie] Howto setup mailserver??

    On 2005-08-30, A. van Leeuwen wrote:
    > I've read that Sendmail is better not used because of security
    > issues.


    http://www.openbsd.org/faq/faq1.html#HowAbout

    When was the last time you heard of someone having security problems
    with sendmail on openbsd?

    --
    Antti Nykänen || aon@iki.fi || http://aon.iki.fi

  3. Re: [Newbie] Howto setup mailserver??

    A. van Leeuwen wrote:

    > I've just started to setup a OpenBSD server on an old laptop. I want to
    > use it as webserver and as mailserver. I already managed to setup a
    > webserver with MySQL and PHP, and can reach it from the internet (with
    > help of the services from www.dyndns.org ). Now I want to setup my own
    > mailserver with spamfilter (and where my three PC's can get there mail
    > from (via Outlook). I've read that Sendmail is better not used because of
    > security issues.


    The OBSD version of Sendmail is fairly safe, but it is not the easiest of
    programs to configure, especially if you want to do anything beyond a very
    basic setup. If you've not got any experience of mail servers then I
    advise chosing something else (unless you really want to tackle a seriously
    steep learning curve that is). OTOH a real Sendmail guru can make it do
    things that no other MTA is capable of, but reaching guru status takes a
    lot of work.

    >I've read that there are other progams like Postfix and
    > qmail (and proberly many others). My questions:


    Not many people would recommend qmail these days, largely because the author
    insists on a rather strange licence. Also it is no longer maintained by the
    original author and several features now regarded as vital are only
    available by 3rd-part patches which may not be coded to the same standard.

    The more popular alternatives to Sendmail are postfix and exim. Both are
    still under active development with very active support communities.

    > - which program's best to use?


    How long is a piece of string. Both are good, both have good security
    records, both are used by some seriously heavy traffic sites, they are
    configured in very different ways. One of those ways may be incompatible
    with the way your mind works.

    > - are there some good howto's on the web for those program's?
    >


    www.postfix.org has a lot of info as has www.exim.org.

    My feeling is that postfix has the better introductory documentation while
    exim has the better reference documentation. As ever YMMV.

    There are several books on Postfix, some of which are very good. Not sure
    about Exim.

  4. Re: [Newbie] Howto setup mailserver??

    On Tue, 30 Aug 2005 18:44:07 +0000, Antti Nykänen wrote:

    > On 2005-08-30, A. van Leeuwen wrote:
    >> I've read that Sendmail is better not used because of security
    >> issues.

    >
    > http://www.openbsd.org/faq/faq1.html#HowAbout
    >
    > When was the last time you heard of someone having security problems
    > with sendmail on openbsd?


    Or to look at it another way, the site says "8 yrs without a remote
    exploit in the default install".

    Sendmail is part of the default install.
    --
    mark south: world citizen, net denizen
    echo znexfbhgu2000@lnubb.pb.hx | tr [a-z] [n-za-m]


  5. Re: [Newbie] Howto setup mailserver??

    On 2005-08-30, A. van Leeuwen wrote:
    > I've just started to setup a OpenBSD server on an old laptop. I want to use
    > it as webserver and as mailserver. I already managed to setup a webserver
    > with MySQL and PHP, and can reach it from the internet (with help of the
    > services from www.dyndns.org ). Now I want to setup my own mailserver
    > with spamfilter (and where my three PC's can get there mail from (via
    > Outlook). I've read that Sendmail is better not used because of security
    > issues. I've read that there are other progams like Postfix and qmail (and
    > proberly many others). My questions:
    > - which program's best to use?
    > - are there some good howto's on the web for those program's?


    Try these:

    http://www.pingwales.co.uk/tutorials...n-openbsd.html
    http://www.pingwales.co.uk/tutorials...er-config.html

    I think there's another one on there about a spamfilter. Check the
    links in the articles and at the bottom of the page.

    nb

  6. Re: [Newbie] Howto setup mailserver??

    >
    > Or to look at it another way, the site says "8 yrs without a remote
    > exploit in the default install".
    >
    > Sendmail is part of the default install.

    The issue was SSHD not sendmail :]

    ML

  7. Re: [Newbie] Howto setup mailserver??

    Keith Matthews wrote:
    > A. van Leeuwen wrote:
    >
    >
    >>I've just started to setup a OpenBSD server on an old laptop. I want to
    >>use it as webserver and as mailserver. I already managed to setup a
    >>webserver with MySQL and PHP, and can reach it from the internet (with
    >>help of the services from www.dyndns.org ). Now I want to setup my own
    >>mailserver with spamfilter (and where my three PC's can get there mail
    >>from (via Outlook). I've read that Sendmail is better not used because of
    >>security issues.

    >
    >
    > The OBSD version of Sendmail is fairly safe, but it is not the easiest of
    > programs to configure, especially if you want to do anything beyond a very
    > basic setup. If you've not got any experience of mail servers then I
    > advise chosing something else (unless you really want to tackle a seriously
    > steep learning curve that is). OTOH a real Sendmail guru can make it do
    > things that no other MTA is capable of, but reaching guru status takes a
    > lot of work.
    >
    >
    >>I've read that there are other progams like Postfix and
    >>qmail (and proberly many others). My questions:

    >
    >
    > Not many people would recommend qmail these days, largely because the author
    > insists on a rather strange licence. Also it is no longer maintained by the
    > original author and several features now regarded as vital are only
    > available by 3rd-part patches which may not be coded to the same standard.
    >
    > The more popular alternatives to Sendmail are postfix and exim. Both are
    > still under active development with very active support communities.
    >
    >
    >>- which program's best to use?

    >
    >
    > How long is a piece of string. Both are good, both have good security
    > records, both are used by some seriously heavy traffic sites, they are
    > configured in very different ways. One of those ways may be incompatible
    > with the way your mind works.
    >
    >
    >>- are there some good howto's on the web for those program's?
    >>

    >
    >
    > www.postfix.org has a lot of info as has www.exim.org.
    >
    > My feeling is that postfix has the better introductory documentation while
    > exim has the better reference documentation. As ever YMMV.
    >
    > There are several books on Postfix, some of which are very good. Not sure
    > about Exim.


    I would still recommend sendmail ... it is a standard for MTA isn't it ?
    It's in default installation for a reason.

    I agree with you as far as qmail is concerned plus it's virtually
    incomprehensible for someone who's been in sendmail and postfix all his
    life. (Tho I have a working install)

    Postfix + amavis works great (with clamav and spamassassin)


    ML

  8. Re: [Newbie] Howto setup mailserver??

    On Wed, 31 Aug 2005 11:07:23 +0200, Martin Latos wrote:

    >>
    >> Or to look at it another way, the site says "8 yrs without a remote
    >> exploit in the default install".
    >>
    >> Sendmail is part of the default install.

    > The issue was SSHD not sendmail :]


    Yes, but the OP seemed to be under the impression that sendmail is a
    security problem at the present, whereas the statement on the website
    provides a simple to demonstrate lower bound of 8 years of safety.

    A free and useful lower bound beats a rigorous calculation most times.
    --
    mark south: world citizen, net denizen
    echo znexfbhgu2000@lnubb.pb.hx | tr [a-z] [n-za-m]


  9. Re: [Newbie] Howto setup mailserver??

    Martin Latos wrote:


    >
    > I would still recommend sendmail ... it is a standard for MTA isn't it ?
    > It's in default installation for a reason.
    >
    >


    I've seen two reasons given -

    1 Theo does not like the license, he considers it to be free (the way the
    qmail one was not) but it has some limitations he does not like. I've seen
    posts from the man himself to this effect. How this will be affected by the
    licence rationalisation being carried out by the OSI remains to be seen.

    2. Reputedly Theo will not accept anything that is incompatible with
    sendmail.cf. And sendmail.cf is the biggest part of the learning curve.



    There is also the issue that changing the default is a major problem for
    existing installations due to changes in config files. This is probably at
    the root of 2 above. New installations are another matter though.

    Some Linux distributions are now using postfix as the default (SuSE
    certainly and I suspect Mandriva do so too) so changes may happen. A lot
    depends on whether we get a new rash of security incidents with Sendmail,
    there've been none for nearly 2 years now, but any really nasty ones may
    well prompt a review of the situation with many FLOSS packagers (after all
    quite a few dumped WU-ftpd for proftpd after the last rash of security
    incidents).

  10. Re: [Newbie] Howto setup mailserver??

    "Keith Matthews" wrote in message
    news:VsKdnZ2dnZ1qi4munZ2dna0sid6dnZ2dRVny3Z2dnZ0@e clipse.net.uk...
    >
    > The more popular alternatives to Sendmail are postfix and exim. Both are
    > still under active development with very active support communities.


    I've succumbed to peer pressure and am seriously looking at Exim. First
    impressions: I think I'd be far more in control than I ever was with
    Sendmail, but I'm not there yet. Likely a more attainable, and configurable,
    summit than Sendmail.

    Steve
    http://www.fivetrees.com



  11. Re: [Newbie] Howto setup mailserver??

    According to Mark South :
    > On Wed, 31 Aug 2005 11:07:23 +0200, Martin Latos wrote:
    >
    > >>
    > >> Or to look at it another way, the site says "8 yrs without a remote
    > >> exploit in the default install".
    > >>
    > >> Sendmail is part of the default install.

    > > The issue was SSHD not sendmail :]

    >
    > Yes, but the OP seemed to be under the impression that sendmail is a
    > security problem at the present, whereas the statement on the website
    > provides a simple to demonstrate lower bound of 8 years of safety.


    Note that OpenBSD puts sendmail in a chroot jail, so I think
    that it is not particularly trusted. Just put where it can be run with
    minimal risk to the system itself.

    > A free and useful lower bound beats a rigorous calculation most times.


    But I'm not sure that this counts as a true lower bound, given
    the distrust that the writers of OpenBSD seem to feel towards sendmail.
    (I don't trust it either -- and have been using qmail for some time
    now. :-)

    > --
    > mark south: world citizen, net denizen
    > echo znexfbhgu2000@lnubb.pb.hx | tr [a-z] [n-za-m]


    Hmm ... a not-so-portable implementation of rot13. :-)
    On Solaris, I have to replace the square brackets with single quotes,
    and on OpenBSD I have to escape each square bracket. (This is running
    in tcsh on both systems, FWIW.)

    Enjoy,
    DoN.

    --
    Email: | Voice (all times): (703) 938-4564
    (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
    --- Black Holes are where God is dividing by zero ---

  12. Re: [Newbie] Howto setup mailserver??

    On Tue, 06 Sep 2005 04:35:15 +0000, DoN. Nichols wrote:

    > According to Mark South :
    >> On Wed, 31 Aug 2005 11:07:23 +0200, Martin Latos wrote:
    >>
    >> >> Or to look at it another way, the site says "8 yrs without a remote
    >> >> exploit in the default install".
    >> >>
    >> >> Sendmail is part of the default install.
    >> > The issue was SSHD not sendmail :]

    >>
    >> Yes, but the OP seemed to be under the impression that sendmail is a
    >> security problem at the present, whereas the statement on the website
    >> provides a simple to demonstrate lower bound of 8 years of safety.

    >
    > Note that OpenBSD puts sendmail in a chroot jail, so I think
    > that it is not particularly trusted. Just put where it can be run with
    > minimal risk to the system itself.


    Mechanism does not change conclusion.

    >> A free and useful lower bound beats a rigorous calculation most times.

    >
    > But I'm not sure that this counts as a true lower bound, given
    > the distrust that the writers of OpenBSD seem to feel towards sendmail.
    > (I don't trust it either -- and have been using qmail for some time
    > now. :-)


    I'd still like to meet a fully functional MTA that didn't use Victorian
    design and baroque configuration, but I'm badly prejudiced.

    >> --
    >> mark south: world citizen, net denizen echo znexfbhgu2000@lnubb.pb.hx |
    >> tr [a-z] [n-za-m]

    >
    > Hmm ... a not-so-portable implementation of rot13. :-)


    It's a highly effective one, especially for...

    > On Solaris, I have to replace the square brackets with single quotes,
    > and on OpenBSD I have to escape each square bracket. (This is running
    > in tcsh on both systems, FWIW.)


    ....flushing people using broken shells :-)

    Since it's obviously rot13, if one wanted to mail me it's quicker to use
    the rot13 function in their news client than the shell.
    --
    mark south: world citizen, net denizen
    echo znexfbhgu2000@lnubb.pb.hx | tr [a-z] [n-za-m]


  13. Re: [Newbie] Howto setup mailserver??

    According to Mark South :
    > On Tue, 06 Sep 2005 04:35:15 +0000, DoN. Nichols wrote:
    >
    > > According to Mark South :


    [ ... ]

    > >> Yes, but the OP seemed to be under the impression that sendmail is a
    > >> security problem at the present, whereas the statement on the website
    > >> provides a simple to demonstrate lower bound of 8 years of safety.

    > >
    > > Note that OpenBSD puts sendmail in a chroot jail, so I think
    > > that it is not particularly trusted. Just put where it can be run with
    > > minimal risk to the system itself.

    >
    > Mechanism does not change conclusion.


    It supports the conclusion that sendmail (*without* the chroot
    jail) is not to be considered fully trustworthy.

    [ ... ]

    > >> mark south: world citizen, net denizen echo znexfbhgu2000@lnubb.pb.hx |
    > >> tr [a-z] [n-za-m]

    > >
    > > Hmm ... a not-so-portable implementation of rot13. :-)

    >
    > It's a highly effective one, especially for...
    >
    > > On Solaris, I have to replace the square brackets with single quotes,
    > > and on OpenBSD I have to escape each square bracket. (This is running
    > > in tcsh on both systems, FWIW.)

    >
    > ...flushing people using broken shells :-)


    And which shell would you consider not broken? This is a
    difference in syntax between BSD and SysV versions of tr, not a shell
    problem. I've just tested it (on a Solaris 10 system) with:

    sh, zsh, ksh, bash, and csh, and it did not work as posted in
    any of them. In particular, the un-escaped and un-quoted '[' invokes
    the "test" program on Solaris-10 -- and even on BSD-flavored SunOs
    4.1.4. And -- I see that it is still so on the latest OpenBSD machine
    which I currently have running. (Yes, I know that this is an OpenBSD
    group, and I run several OpenBSD machines, but my chairside machine for
    normal interacting with the world happens to be running Solaris 10.)

    > Since it's obviously rot13, if one wanted to mail me it's quicker to use
    > the rot13 function in their news client than the shell.


    Agreed -- or a standalone rot13 -- which leads to the question
    of why bother with the shell implementation? Just showing off?

    Enjoy,
    DoN.

    --
    Email: | Voice (all times): (703) 938-4564
    (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
    --- Black Holes are where God is dividing by zero ---

  14. Re: [Newbie] Howto setup mailserver??

    On Tue, 06 Sep 2005 23:43:33 +0000, DoN. Nichols wrote:

    > According to Mark South :
    >> On Tue, 06 Sep 2005 04:35:15 +0000, DoN. Nichols wrote:
    >>
    >> > According to Mark South :

    >
    > [ ... ]
    >
    >> >> Yes, but the OP seemed to be under the impression that sendmail is a
    >> >> security problem at the present, whereas the statement on the website
    >> >> provides a simple to demonstrate lower bound of 8 years of safety.
    >> >
    >> > Note that OpenBSD puts sendmail in a chroot jail, so I think
    >> > that it is not particularly trusted. Just put where it can be run with
    >> > minimal risk to the system itself.

    >>
    >> Mechanism does not change conclusion.

    >
    > It supports the conclusion that sendmail (*without* the chroot
    > jail) is not to be considered fully trustworthy.
    >
    > [ ... ]
    >
    >> >> mark south: world citizen, net denizen echo znexfbhgu2000@lnubb.pb.hx |
    >> >> tr [a-z] [n-za-m]
    >> >
    >> > Hmm ... a not-so-portable implementation of rot13. :-)

    >>
    >> It's a highly effective one, especially for...
    >>
    >> > On Solaris, I have to replace the square brackets with single quotes,
    >> > and on OpenBSD I have to escape each square bracket. (This is running
    >> > in tcsh on both systems, FWIW.)

    >>
    >> ...flushing people using broken shells :-)

    >
    > And which shell would you consider not broken? This is a
    > difference in syntax between BSD and SysV versions of tr, not a shell
    > problem. I've just tested it (on a Solaris 10 system) with:
    >
    > sh, zsh, ksh, bash, and csh, and it did not work as posted in
    > any of them. In particular, the un-escaped and un-quoted '[' invokes
    > the "test" program on Solaris-10 -- and even on BSD-flavored SunOs
    > 4.1.4. And -- I see that it is still so on the latest OpenBSD machine
    > which I currently have running. (Yes, I know that this is an OpenBSD
    > group, and I run several OpenBSD machines, but my chairside machine for
    > normal interacting with the world happens to be running Solaris 10.)
    >
    >> Since it's obviously rot13, if one wanted to mail me it's quicker to use
    >> the rot13 function in their news client than the shell.

    >
    > Agreed -- or a standalone rot13 -- which leads to the question
    > of why bother with the shell implementation? Just showing off?


    Usenet is a deadly serious matter to some people, wouldn't you agree?
    --
    mark south: world citizen, net denizen
    echo znexfbhgu2000@lnubb.pb.hx | tr [a-z] [n-za-m]


  15. Re: [Newbie] Howto setup mailserver??

    On 31/08/2005 11:21 PM, Steve at fivetrees wrote:
    > "Keith Matthews" wrote in message
    > news:VsKdnZ2dnZ1qi4munZ2dna0sid6dnZ2dRVny3Z2dnZ0@e clipse.net.uk...
    >
    >>The more popular alternatives to Sendmail are postfix and exim. Both are
    >>still under active development with very active support communities.

    >
    >
    > I've succumbed to peer pressure and am seriously looking at Exim. First
    > impressions: I think I'd be far more in control than I ever was with
    > Sendmail, but I'm not there yet. Likely a more attainable, and configurable,
    > summit than Sendmail.
    >


    I'd have to vote for Postfix. We run a pretty serious multi-server SMTP
    system with spam protection here at the office using all Postfix, and it
    has never let us down. I run it locally at home, but that is a pretty
    minimal install.

    AFAIAC, "Postfix" is synonymous with "ease of use", "easy to make
    secure" and "high-availability."

  16. Re: [Newbie] Howto setup mailserver??

    Begin
    On 2005-09-06, DoN. Nichols wrote:
    > Hmm ... a not-so-portable implementation of rot13. :-)
    > On Solaris, I have to replace the square brackets with single quotes,
    > and on OpenBSD I have to escape each square bracket. (This is running
    > in tcsh on both systems, FWIW.)


    Using the FreeBSD project site manpage cgi to look at OpenBSD and system
    seven manpages of tr, I can't help but notice that the synopsis calls
    for ``strings'', not regexp-style character classes. Meaning that the
    square brackets just get translated into themselves. You can safely leave
    them out because they just get translated to themselves again.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .

  17. Re: [Newbie] Howto setup mailserver??

    According to jpd :
    > Begin
    > On 2005-09-06, DoN. Nichols wrote:
    > > Hmm ... a not-so-portable implementation of rot13. :-)
    > > On Solaris, I have to replace the square brackets with single quotes,
    > > and on OpenBSD I have to escape each square bracket. (This is running
    > > in tcsh on both systems, FWIW.)

    >
    > Using the FreeBSD project site manpage cgi to look at OpenBSD and system
    > seven manpages of tr, I can't help but notice that the synopsis calls
    > for ``strings'', not regexp-style character classes. Meaning that the
    > square brackets just get translated into themselves. You can safely leave
    > them out because they just get translated to themselves again.


    On Solaris 10:

    ================================================== ====================
    Fuego:dnichols 13:48 > echo furrfu | /usr/ucb/tr 'a-z' 'n-za-m'
    sheesh
    Fuego:dnichols 13:48 > echo furrfu | tr 'a-z' 'n-za-m'
    furrfu
    Fuego:dnichols 13:49 > echo furrfu | tr '[a-z]' '[n-za-m]'
    -urr-u
    Fuego:dnichols 13:50 > echo furrfu | tr '[a-z]' '[n-z][a-m]'
    sheesh
    ================================================== ====================

    Note that the /usr/ucb/tr is the same one which was found on the old
    BSD based SunOS 4.1.4 and similar.

    On OpenBSD:

    ================================================== ====================
    curlmakr:csu 12:27 # echo furrfu | tr 'a-z' 'n-za-m'
    sheesh
    curlmakr:csu 13:53 # echo furrfu | tr '[a-z]' '[n-za-m]'
    sheesh
    curlmakr:csu 13:54 # echo furrfu | tr '[a-z]' '[n-z][a-m]'
    sfccsf
    ================================================== ====================

    So -- it is obvious that the same syntax does not work equally
    well on both versions of tr.

    Enjoy,
    DoN.
    --
    Email: | Voice (all times): (703) 938-4564
    (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
    --- Black Holes are where God is dividing by zero ---

+ Reply to Thread