
Re: help: setting up dial-in mail server



I've just done something similar here at Ban-Koe.  I just set up normal
PPP access, then used ipfwadm to filter out all packets except those
destined for the appropriate ports on the mail server.  It appears to be
working-- allows access to the mail server, and prevents any other
types of use.  I'd be happy to provide more specific information, if you
decide to go this way.

Marc

----------
Marc Mongeon <mongeon@bankoe.com>
Unix Specialist
Ban-Koe Systems
9100 W Bloomington Fwy
Bloomington, MN 55431-2200
(612)888-0123, x417 | FAX: (612)888-3344
----------
"It's such a fine line between clever and stupid."
   -- David St. Hubbins and Nigel Tufnel of "Spinal Tap"


>>> Bob Billson <bob@goleader.com> 07/08 7:57 PM >>>
g'day Debianers... It's been a long day.  I've been searching through the
HOWTOs and on the Web.  My brain is burnt.  I need some help! :-)

I set up a Debian (slink) box as a mail/file server for a small local
newspaper a few months ago.  The same machine connects their Win95 LAN to the
Net through a cable modem.  Works great!

Today, I was asked to set up a special use account.  They want to allow a few
select users to be able to dial in from a Windows machine to get/send mail
through a POP server and *nothing else*.  The "nothing else" was emphasized.
They don't want the users to be able to roam around the Linux box, the
internal LAN or get out on to the Net directly.  If the user somehow breaks
out of POP server, they want the connection to die immediately.

I already have a dial-in PPP account for a branch office of the paper.
However, that account is allowed to do anything any local user can do.  So
obviously sharing the account is out.  I tried two different approaches
today and ran into problems with each.  I could use some advice and help on
which is the better approach and some suggestions why it isn't working.

First, I tried setting up another PPP account, but couldn't figure out how to
restrict it to only pop3, imap and smtp.  I had it sort of working, however
once the POP or IMAP server exited, the user is dumped into a regular shell.
Definitely not good!

Second, I tried a regular shell account, however the user's .bash_profile
contained:

    /bin/stty -echo -onlret
    exec /usr/sbin/ipop3d
    exit 0

(Probably don't need the last line, but it's there as a "just in case".)
That worked better, but not perfectly.  When we ran tests with Eudora Light,
which is what they will be using, we had some problems.  Apparently, Eudora
barfs if it sees any newlines or echoed characters.  This is the reason for the
first line.  This wasn't reliable though.  Watching the output from the ipop3d,
we saw newlines would sometimes get sent, choking Eudora.  Try again worked
fine.  Try again sometimes it worked correctly other times not.

When it did work, the Windows machine could receive mail just fine.  However,
it would hang when it tried to send mail with a "telnet to mail.example.com
port 25".  Eventually, it would time out.  Other than not reliably passing
mail, the connection died as soon as the POP server died, so that much is
good. :-/

I'm hoping someone has already gotten Eudora to talk to a Debian box.  If
not some advice on what I'm doing wrong with either approach would be very
well!  Thanks for the help!!

                 bob
-- 
        bob billson       email: bob@goleader.com       ham: kc2wz
   (\                                /)
  {|||8-   beekeeper ...3 years   -8|||}     Linux!  Because there is
   (/    60,000 head of livestock    \)              no place like $HOME.
"CIA terrorist NSA bomb spy KGB drugs nuclear agent war GCHQ... Hi Echelon!"
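
The packet-filter approach described in the reply above, as an added example that is not code from the thread. It uses iptables rather than ipfwadm, and the interface name ppp1, the address 192.0.2.1, the chain name DIALIN and the choice to treat the dial-in box itself as the mail server are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny filter for a dial-in PPP link, so that callers
# can reach only the mail services and nothing else on the box, LAN or Net.
# Written for iptables; the thread used ipfwadm and shows no rules.

PPP_IF="${PPP_IF:-ppp1}"          # assumed dial-in interface
MAIL_IP="${MAIL_IP:-192.0.2.1}"   # assumed address of the mail server (this box)
MAIL_PORTS="25 110 143"           # smtp, pop3, imap: the services named in the thread

# Dry run by default: print each rule. Set APPLY=1 (as root) to load them.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

mail_only_rules() {
    # Dedicated chain (hypothetical name) holding the dial-in policy.
    ipt -N DIALIN

    # Allow only TCP to the mail server on the listed ports.
    for port in $MAIL_PORTS; do
        ipt -A DIALIN -p tcp -d "$MAIL_IP" --dport "$port" -j ACCEPT
    done

    # Everything else from the dial-in link is logged, then dropped.
    ipt -A DIALIN -j LOG --log-prefix dialin-drop
    ipt -A DIALIN -j DROP

    # Packets addressed to this box from the PPP link go through DIALIN.
    # Inserted at position 1 so no earlier ACCEPT rule bypasses the policy.
    ipt -I INPUT 1 -i "$PPP_IF" -j DIALIN

    # Nothing from the PPP link is routed on to the LAN or the Internet.
    ipt -I FORWARD 1 -i "$PPP_IF" -j DROP
}

mail_only_rules
```

PPP link negotiation is not IP traffic and is unaffected by these rules. DNS lookups from the caller are dropped as well, so the mail client needs the server's address rather than its name unless a rule for port 53 is added.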

