Re: Mail server for local lan
On Fri, 15 Mar 2002, Harry Putnam wrote:
> The things I'm really unsure about are:
>
> 1) What daemon do I need to have running (pop3d Imapd...). I intend
> to have other household machines retrieve via pop3 from this
> server.
Although I prefer IMAP, you can use any POP3 daemon that you
like. There are many Debian packages which provide POP3 daemons,
"apt-cache search pop3" will list some of them.
> 2) Do other machine users really have to have accounts on debian box?
> or just a mailbox at /var/mail?
It all depends on how you set it up. I create local user accounts
for each user, although logging in is disabled.
> 3) If I have a daemon running, is it possible to setup so that it only
> runs when a machine connects.
You can run either POP3 or IMAP daemons from inetd (or tcpserver, etc.).
inetd will bind to the port and the actual daemon itself won't be
running. When a client connects, inetd will invoke the daemon and the
daemon will handle it from there.
> 4) How can I bar any machines that are not 192.xxx.xxx from the
> 143/110 port.
If you're using inetd, you have two lines of defense. The first
line of defense is Linux's built-in packet filter, which you can
easily tell to not allow anything for those ports from anywhere
except your network. Your second line of defense is tcp wrappers
(man tcpd, man 5 hosts_access).
> 5) what do I have to tell exim in order for it to know to send the
> other machines outgoing mail to my isp smart_host.
From exim.conf:

    # Send all mail to a smarthost
    smarthost:
      driver = domainlist
      transport = remote_smtp
      route_list = "* mail.home.lan bydns_a"
    end

Replace "mail.home.lan" with your ISP's mail server's hostname.
> 6) can all this be made invisible to the internet, so that a scan will
> not show 143/110 as running or open?
Your firewall can invisibly drop packets to either of those ports.
> I am behind a hardware firewall already (Netgear FR314) which I think
> will hide the open ports from the internet, but still want
> to make all precautions. And know how to setup so that only my network
> machines get access.
Using tcp wrappers in conjunction with a packet filtering firewall,
you should have no problems. Besides, you said you already have
a hardware firewall in between your network and the public Internet.
HTH.
j.
--
Jeremy Gaddis <jeremy@gaddis.org>
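
An added example, not part of the original message: a simplified Python evaluator for the tcp wrappers decision order documented in hosts_access(5), run over constructed hosts.allow and hosts.deny contents. The daemon names (ipop3d, imapd) and the 192.168. LAN prefix are assumptions; substitute the names your POP3/IMAP packages run under and your own network prefix.

```python
# Added example: simplified evaluator for tcp wrappers rules (hosts_access(5)).
# Handles only "daemon_list : client_list" lines with ALL, exact-address and
# dotted-prefix client patterns. LAN prefix and daemon names are assumptions.

HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed sample)
ipop3d, imapd : 192.168.
"""

HOSTS_DENY = """\
# /etc/hosts.deny (constructed sample)
ipop3d, imapd : ALL
"""

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(rules, daemon, addr):
    """True if any rule lists the daemon and a pattern covering addr."""
    for daemons, clients in rules:
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for pat in clients:
            if pat in ("ALL", addr) or (pat.endswith(".") and addr.startswith(pat)):
                return True
    return False

def allowed(daemon, addr, allow_text, deny_text):
    """hosts.allow match grants, else hosts.deny match refuses, else grant."""
    if matches(parse(allow_text), daemon, addr):
        return True
    if matches(parse(deny_text), daemon, addr):
        return False
    return True  # no rule matched: tcp wrappers grants access by default

if __name__ == "__main__":
    for addr in ("192.168.0.12", "203.0.113.7"):
        print(addr, allowed("ipop3d", addr, HOSTS_ALLOW, HOSTS_DENY))
    # With an empty hosts.deny the outside address is let through.
    print("203.0.113.7", allowed("ipop3d", "203.0.113.7", HOSTS_ALLOW, ""))
```

The last case shows why the hosts.deny entry matters: an allow rule on its own restricts nothing, because a client that matches neither file is granted access.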