RE: Setting up a mail server
- To: "'Debian Security'" <firstname.lastname@example.org>
- Subject: RE: Setting up a mail server
- From: "Andy Coates" <email@example.com>
- Date: Wed, 4 Sep 2002 02:16:28 +0100
- Message-id: <000e01c253b0$b238c690$163c98d5@DARLA>
- In-reply-to: <20020904004702.GA1664@gashuffer>
> Hello all,
> Now I find myself in the position of changing the setup, so
> that it is a
> real internet-facing mail server. It will act as the MX for
> my domain,
> using exim, and will distribute the mail to people, either still with
> qpopper or with an IMAP server (haven't decided yet).
> There are several questions I have at this point:
> I would like to add user accounts, so that exim and qpopper (or IMAP)
> accept and deliver mail for them, but not allow these users shell
> access. Is changing their shell to /bin/false enough, or is there a
> smarter way (or one that is not quite so manual?)
You'd want to go one step further and forget even adding them an
account. Qpopper supports PAM modules for other authentication than
/etc/passwd, as well as third-party patches for alternate mechanisms.
This usually means that all mail on the system is handled by one user,
since there is no individual unix accounts actually in use.
I don't use qpopper myself (since IIRC it doesn't support IMAP, just
POP3). If you're open to alternatives, have a look at Courier MTA
(http://www.courier-mta.org/) which supports both POP3 and IMAP via many
authentication systems, and it'll also do your SSL. Main reason I use
this is for integration with qmailadmin/vpopmail, but even with exim
since it uses Maildir format so your mail deliveries won't need any
> Many of these user accounts will no doubt be sending and
> receiving email
> from dial-up accounts, which limits the ability to deny service on a
> per-IP basis. Suggestions for security, with pointers, please? I
> already plan on SSL, I'm asking I guess more about open relay
> issues in
> this sort of setup. Also, these user accounts will not be
> dialing into
> an ISP that I control, but I may wish to allow them to use me as a
> smarthost - does this seem foolish? I am undecided.
Use SMTP AUTH with exim too (no special patches needed). You can
configure it to query wherever you decide to authenticate POP3/IMAP
from, so you have one password for both reading and sending mail.
> Anything you think I'm leaving out? I've done a lot of googling and
> RTFM'ing recently, but I haven't found a really good guide to
> security considerations for a mail host - if someone has a
> good link it
> would be appreciated.
I'd look at the whole picture - you'll be giving users access to mail,
and the ability to relay mail. Both require authentication, so you'd
save yourself a lot of hassle if both authenticated against the same
There's probably hundreds of combinations to achieve that, but since
Courier is probably the most configurable with regards to
authentication, and exim is just sexy anyway, I'd say those two are your
best bet. Both can be configured to authenticate against a MySQL
database (or LDAP), which are relatively easy to setup and plenty of
examples on the web on how to do so.
You seem to be aiming for a very secure system, so what I've said might
not be the *ultimate* secure system, but it is very simple and easily
managed - as well as being as safe as you'll probably ever need.