This one time, at band camp, Andy Coates said: > > Hello all, > > [snip] > > > Now I find myself in the position of changing the setup, so > > that it is a > > real internet-facing mail server. It will act as the MX for > > my domain, > > using exim, and will distribute the mail to people, either still with > > qpopper or with an IMAP server (haven't decided yet). > > > > There are several questions I have at this point: > > > > I would like to add user accounts, so that exim and qpopper (or IMAP) > > accept and deliver mail for them, but not allow these users shell > > access. Is changing their shell to /bin/false enough, or is there a > > smarter way (or one that is not quite so manual?) > > You'd want to go one step further and forget even adding them an > account. Qpopper supports PAM modules for other authentication than > /etc/passwd, as well as third-party patches for alternate mechanisms. > This usually means that all mail on the system is handled by one user, > since there is no individual unix accounts actually in use. > > I don't use qpopper myself (since IIRC it doesn't support IMAP, just > POP3). If you're open to alternatives, have a look at Courier MTA > (http://www.courier-mta.org/) which supports both POP3 and IMAP via many > authentication systems, and it'll also do your SSL. Main reason I use > this is for integration with qmailadmin/vpopmail, but even with exim > since it uses Maildir format so your mail deliveries won't need any > special tweaking. > > > Many of these user accounts will no doubt be sending and > > receiving email > > from dial-up accounts, which limits the ability to deny service on a > > per-IP basis. Suggestions for security, with pointers, please? I > > already plan on SSL, I'm asking I guess more about open relay > > issues in > > this sort of setup. Also, these user accounts will not be > > dialing into > > an ISP that I control, but I may wish to allow them to use me as a > > smarthost - does this seem foolish? I am undecided. > > Use SMTP AUTH with exim too (no special patches needed). You can > configure it to query wherever you decide to authenticate POP3/IMAP > from, so you have one password for both reading and sending mail. > > > Anything you think I'm leaving out? I've done a lot of googling and > > RTFM'ing recently, but I haven't found a really good guide to > > practical > > security considerations for a mail host - if someone has a > > good link it > > would be appreciated. > > I'd look at the whole picture - you'll be giving users access to mail, > and the ability to relay mail. Both require authentication, so you'd > save yourself a lot of hassle if both authenticated against the same > passwords/database. > > There's probably hundreds of combinations to achieve that, but since > Courier is probably the most configurable with regards to > authentication, and exim is just sexy anyway, I'd say those two are your > best bet. Both can be configured to authenticate against a MySQL > database (or LDAP), which are relatively easy to setup and plenty of > examples on the web on how to do so. > > You seem to be aiming for a very secure system, so what I've said might > not be the *ultimate* secure system, but it is very simple and easily > managed - as well as being as safe as you'll probably ever need. > > HTH, > Andy. No, I think you about hit it on the head - I'm not doing anything with this box other than serving mail for friends, so if it gets cracked, it's really not the end of the world. On the other hand, I'd like to have reasonable safeguards set up so I can save myself the headache of a cracking. I'll look into Courier and SQL - SQL was something I was planning to learn anyway, and this gives me the excuse. Thanks all, Steve -- Boob's Law: You always find something in the last place you look.
Description: PGP signature