*nix mail question
Results 1 to 7 of 7

Thread: *nix mail question

  1. #1
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779

    *nix mail question

    I have two questions about *nix mail. My mail server is a mandrake 8.0 install with all the relivent patches to sendmail.

    The first one is not truly a security question but...I'm having a hell of a time blocking spam at my home server, I'm running sendmail as my smtp and I usually use mail or pine to read my mail. I attempted to install spammassain with some addin to block spam at the server but failed miserably (had to restore system from backups). From what I can tell Spamassain is a good utility but wants to block Spam at the pop3/imap side of things, any suggestions out there on a easy to install Imap or POP3 server that runs with sendmail and what is the benefits of either?

    The smtp port and the ssh port are curently the only ports accessable to the outside world waht ports would I have to open up to allow for IMAP or POP3?

  2. #2
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    Funny you should ask......

    This is just MHO, but if it were me, I believe that all things being equal I would ditch sendmail in favor of postfix. Sendmail is just atrocious in a lot of respects, and its security record is.... well....

    Anyway, to your question.... There is a lot of good documentation on how to set up SpamAssassin with sendmail or postfix out there. SpamAssassin is called by procmail, so all you really have to do is decide how and where you want to invoke procmail.

    These are some of the resources I used in building my server, so maybe some of these will do what you are looking for.

    http://www.linuxworld.com/site-stori...318.ldap1.html
    http://www.geocities.com/scottlhende...pamfilter.html
    http://scott.yang.id.au/archives/000044.php

    waht ports would I have to open up to allow for IMAP or POP3?
    POP3 user port 110, and IMAP uses 143.
    Do what you want with the girl, but leave me alone!

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I will check out the links they look like exactly what I want. Unfortunately I couldn't figure out how to get postfix to do what I wanted (route mail to multi domains to the correct ip address in the internal network, this was just a quick vi edit in sendmail) so I went with sendmail. As for the security at one point I wrote a email package( CS senior project) and know what goes into it, I figure any system that doesnít have a lot of patches hasnít been tested heavily yet. Well if I can get spammassain working with sendmail perhaps I wonít need pop or IMAP, I prefer pine to most mail readers.

  4. #4
    Member
    Join Date
    Jul 2001
    Posts
    62
    Ok I would have to disaggree that sendmail is atrocious. It is a very flexible system but does require a great deal of knowlege to use. If you are looking for something simple, then no sendmail is not for you. But if you want control and plenty of security options then sendmail is great. As for the security record, well since it is the most used mail server in unix it is being inspected by all hackers for vulnerabilities. It actually hasn't had too bad a record until recently.

    Anyway, yes postfix is a lot easier to use, but sendmail is a lot better to use.

    Procmail is the easiest way to invoke spamassassin. That part I aggree with.

    Just my opinion.
    dAggressor

    It\'s a long life, until you die

  5. #5
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Posts
    551
    I don't want to take this too far off topic and turn it into a sendmail debate, but I do want to clarify my statement because I think I chose my words poorly. No, sendmail is not atrocious in the sense that it isn't a good or powerful MTA. It is both, and I don't take anything away from it in that sense.

    But there are undeniable problems that plague sendmail that aren't going away any time soon because of the way it was designed. It was developed at a time when functionality was the operative word and nobody really cared about security because the Internet was an honest, trusting place. Consequently, you see things like sendmail running suid root, which is a big no-no in today's environment and which is a pitfall other MTAs avoid. It's those kinds of things that I was referring to, not to any deficiency in its capabilities. Any package which appears on the SANS top 20 security risks year after year is a no-no in my book if there are viable alternatives.

    I also think there is a certain amount of elitism attached to sendmail that keeps it alive. That is, I think there are a fair number of sysadmins out there that cling to it because they like to fancy themselves "old school" admins and enjoy being able to configure a difficult piece of software like sendmail that many others can't. I'm not saying that that's a bad thing, because these people have a vast wealth of knowledge, but I do think it tends to obfuscate the fact that other more secure agents like qmail and postfix will do just fine in the vast majority of situations. They're just not macho like sendmail.
    It actually hasn't had too bad a record until recently.
    Come again? I can't think of any package which has had more published vulnerabilities than sendmail, with the possible exception of bind. A good rule of thumb is that past performance is a pretty good indicator or future performance, and I see no reason to think sendmail's track record is going to start improving at this point. IMO, they need to do what bind did and start over from scratch.

    http://cr.yp.to/maildisasters/sendmail.html
    http://www.saintcorporation.com/demo...abilities.html
    well since it is the most used mail server in unix it is being inspected by all hackers for vulnerabilities.
    a.k.a. the Microsoft excuse. If that's true, why does Apache not have a similar record since it's the most widely used web server on the Internet?
    Do what you want with the girl, but leave me alone!

  6. #6
    Member
    Join Date
    Jul 2001
    Posts
    62
    Ok I wasn't going to reply, but I just can't help myself. I am not saying that sendmail is perfect. Everything has security holes, it is just a matter of someone looking for them. In that respect "The 'ol Microsoft excuse" isn't an excuse it is a fact. Who is going to waste their time learning to hack something that no one uses?

    If you keep sendmail current (patches etc) you can not find a better server with as much control and features as it has. I have tried postfix and ended up switching back to sendmail.

    Now I will stop.
    dAggressor

    It\'s a long life, until you die

  7. #7
    Sendmail can be trickky but if you want to simplify it and are lazy like me i suggest webmin it has a great sendmail module
    in its latest version plus its security is a lot better than it used to be .To simply restrict webmin for local use use your hosts.deny to block the port.Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •