Re: Mail server for local lan

To: Harry Putnam <reader@newsguy.com>
Cc: debian-user@lists.debian.org
Subject: Re: Mail server for local lan
From: Jeremy Gaddis <jeremy@gaddis.org>
Date: Fri, 15 Mar 2002 19:52:47 -0500 (EST)
Message-id: <[🔎] Pine.BSO.4.40.0203151945590.24669-100000@earthquake.home.lan>
In-reply-to: <[🔎] m17kode9ad.fsf@reader.newsguy.com>

On Fri, 15 Mar 2002, Harry Putnam wrote:

> The things I'm really unsure about are:
>
> 1) What daeman do I need to have running (pop3d Imapd...).  I intend
>    to have other household machines retreive via pop3 from this
>    server.

Although I prefer IMAP, you can use any POP3 daemon that you
like.  There are many Debian packages which provide POP3 daemons,
"apt-cache search pop3" will list some of them.

> 2) Do other machine users really have to have accounts on debian box?
>    or just a mailbox at /var/mail?

It all depends on how you set it up.  I create local user accounts
for each user, although logging in is disabled.

> 3) If I have a daemon running, is it possible to setup so that it only
>    runs when a machine connects.

You can run either POP3 or IMAP daemons from inetd (or tcpserver, etc.)
inetd will bind to the port and the actual daemon itself won't be
running.  When a client connect, inetd will invoke the daemon and the
daemon will handle it from there.

> 4) How can I bar any machines that are not 192.xxx.xxx from the
>    143/110 port.

If you're using inetd, you have two lines of defense.  The first
line of defense is Linux's built-in packet filter, which you can
easily tell to not allow anything for those ports from anywhere
except your network.  Your second line of defense is tcp wrappers
(man tcpd, man 5 hosts_access).

> 5) what do I have to tell exim in order for it to know to send the
>    other machines outgoing mail to my isp smart_host.

>From exim.conf:

# Send all mail to a smarthost

smarthost:
  driver = domainlist
  transport = remote_smtp
  route_list = "* mail.home.lan bydns_a"

end

Replace "mail.home.lan" with your ISP's mail server's hostname.

> 6) can all this be made invisible to the internet, so that a scan will
>    not show 143/110 as running or open?

Your firewall can invisibly drop packets to either of those ports.

> I am behind a hardware firewall already (Netgear FR314) which I think
> will hide the open ports from the internet. but still want
> to make all precautions.  And know how to setup so that only my network
> machines get access.

Using tcp wrappers in conjunction with a packet filtering firewall,
you should have no problems.  Besides, you said you already have
a hardware firewall in between your network and the public Internet.

HTH.

j.

--
Jeremy Gaddis     <jeremy@gaddis.org>

Reply to:

References:
- Mail server for local lan
  - From: Harry Putnam <reader@newsguy.com>

Prev by Date: Is the list broken?
Next by Date: Re: Latest Woody boot floppies & reiserfs
Previous by thread: Mail server for local lan
Next by thread: Re: Mail server for local lan
Index(es):
- Date
- Thread