
Setting up a mail server



Hello all,

I'm getting ready to set up a mail server, and I have a few questions
that I was hoping people would have opinions on.  Right now I have a box
that collects my mail with fetchmail, and then allows other boxes on the
LAN to collect from it via qpopper.  All direct outside access is
blocked, first with iptables, and then with both tcpwrap and qpopper
itself.

Now I find myself in the position of changing the setup, so that it is a
real internet-facing mail server.  It will act as the MX for my domain,
using exim, and will distribute the mail to people, either still with
qpopper or with an IMAP server (haven't decided yet).

There are several questions I have at this point:

I would like to add user accounts, so that exim and qpopper (or IMAP)
accept and deliver mail for them, but not allow these users shell
access.  Is changing their shell to /bin/false enough, or is there a
smarter way (or one that is not quite so manual?)

Many of these user accounts will no doubt be sending and receiving email
from dial-up accounts, which limits the ability to deny service on a
per-IP basis.  Suggestions for security, with pointers, please?  I
already plan on SSL, I'm asking I guess more about open relay issues in
this sort of setup.  Also, these user accounts will not be dialing into
an ISP that I control, but I may wish to allow them to use me as a
smarthost - does this seem foolish?  I am undecided.

Anything you think I'm leaving out?  I've done a lot of googling and
RTFM'ing recently, but I haven't found a really good guide to practical
security considerations for a mail host - if someone has a good link it
would be appreciated.

Last question, I swear (for now at least (^8 ) - should I register my
SSL cert through Verisign, which (although I haven't yet researched it)
is I assume not free, or can I safely just generate my own?  Again,
pointers appreciated.

TIA, all,
Steve
-- 
Overdrawn?  But I still have checks left!
