Archive

Articles taggués ‘Postfix’

ISPConfig 3 + Squeeze – SSL/TLS 465 SMTP Fail

26/09/2022 Aucun commentaire

ispconfigSource: howtoforge.com

Hi there.

New install of ISPConfig 3 on Debian Squeeze [previously on Lenny]

Created using: http://www.ispconfig.org/news/tutorial-the-perfect-server-debian-squeeze-debian-6-0-with-bind-courier-ispconfig-3/

Previous server used:

Port: 465
Connection security: SSL/TLS
Authentication method: normal password

If I try to use these setting on this fresh install [complete format with previous back up files stored on a seperate drive] I get the following error:

Sending of message failed.

The message could not be sent because connecting to SMTP server mail.myserver.com (changed from real name – error has correct name) failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server settings are correct and try again, or contact the server administrator.

I can send using:

Port: 25
Connection security: STARTTLS
Authentication method: normal password

No errors appear in mail.log or mail.err

I’ve compared the master.cf pre/post [original/current]

Differing section appears to be:

Original

smtp inet n - - - - smtpd
submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o milter_macro_daemon_name=ORIGINATING

Current

smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING

main.cf has a couple of minor differences

Original

smtpd_tls_CAfile = /etc/postfix/cert.pem

*This line is missing in the current main.cf

Current

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

*These lines do not appear in the original main.cf

No firewall rules are set to block ports.

hopefully I’ve provided enough detail.

Categories: Logiciel Tags: ,

Configuration d’un serveur dédié de A à Z

27/03/2022 Comments off

Installation, configuration et administration d’un serveur dédié

debianCes tutoriaux ont été réalisés sous Debian (versions Etch 4.0 et Lenny 5.0) mais peuvent être transposés à d’autres distributions Linux, notamment Ubuntu. Ils sont applicables aux serveurs dédiés 1&1, Dedibox, OVH, Amen, et bien d’autres.

warning Tous les tutoriaux sont basés sur un serveur nommé test.alsacreations.com pour lequel nous disposons d’un utilisateur dew et d’un accès root (super-administrateur), chacun avec leur propre mot de passe.

Nous partons de l’idée d’obtenir un serveur web avec tout ce qu’il faut pour héberger plusieurs domaines et sites. Vous pouvez tout configurer à la main ou bien faire confiance à un panel d’administration.

Liste complète sans panel web

idee Ces tutoriaux conviennent à l’installation complète d’un serveur

  1. Première connexion : SSH, accès root et bases
  2. Apache et PHP : le serveur web
  3. MySQL : les bases de données
  4. Proftpd : le serveur FTP
  5. Postfix : le serveur mail POP3 et SMTP
  6. Sauvegarde automatique : avec backup-manager et export FTP
  7. Sécurisation : les règles de base, un firewall avec iptables, fail2ban…
  8. Bind : exécuter le serveur DNS en chroot
  9. Monitoring : garder un oeil sur son serveur grâce à monit et logwatch
  10. Roundcube : un webmail léger et rapide

Liste complète avec panel d’administration DTC

dtclogo

idee Si vous choisissez d’installer le panel d’administration DTC, suivez ces tutoriels. DTC se chargera de la configuration du reste des services.

  1. Première connexion : SSH, accès root et bases
  2. Bind : exécuter le serveur DNS en chroot
  3. Sécurisation : les règles de base, un firewall avec iptables, fail2ban…
  4. Panel DTC : pour installer et gérer les services web, ftp, mysql, e-mail, dns…
  5. Monitoring : garder un oeil sur son serveur grâce à monit et logwatch
  6. Sauvegarde automatique : backup-manager et export FTP
  7. Roundcube : un webmail léger et rapide

Attention : nous préconisons désormais l’utilisation du panel ISPConfig, en lieu et place du panel DTC. Il est tout aussi simple à installer et à utiliser. Veuillez vous référer à sa documentation.

Fail2ban, POSTFIX and SPAM

28/02/2022 Comments off

source: deribin.com

Very simple solution:
1) add rule to /etc/fail2ban/jail.conf:

[spam]
enabled = true
filter = spam
action = iptables[name=SPAM, port=smtp, protocol=tcp]
sendmail-whois[name=SPAM, dest=email@your.doamin.com, sender=fail2ban@your.domain.com]
logpath = /var/log/mail.log
bantime = 3600
ignoreip = 127.0.0.1 xxx.xxx.xxx.xxx/xx
maxretry = 2

Lire la suite...

Monitoring Ubuntu Desktops and Servers Using Monit

17/02/2022 Comments off

monit is a utility for managing and monitoring, processes, files, directories and devices on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

Monit Features

  • Daemon mode – poll programs at a specified interval
  • Monitoring modes – active, passive or manual
  • Start, stop and restart of programs
  • Group and manage groups of programs
  • Process dependency definition
  • Logging to syslog or own logfile
  • Configuration – comprehensive controlfile
  • Runtime and TCP/IP port checking (tcp and udp)
  • SSL support for port checking
  • Unix domain socket checking
  • Process status and process timeout
  • Process cpu usage
  • Process memory usage
  • Process zombie check
  • Check the systems load average
  • Check a file or directory timestamp
  • Alert, stop or restart a process based on its characteristics
  • MD5 checksum for programs started and stopped by monit
  • Alert notification for program timeout, restart, checksum, stop resource and timestamp error
  • Flexible and customizable email alert messages
  • Protocol verification. HTTP, FTP, SMTP, POP, IMAP, NNTP, SSH, DWP,LDAPv2 and LDAPv3
  • An http interface with optional SSL support to make monit accessible from a webbrowser

Lire la suite…

Postfix + fail2ban = win

14/02/2022 Comments off
source: http://blog.dp.cx/25/postfix-fail2ban-win

Recently, I had to lease a new server. My old one was ok, but it was 5 years old, and showing it’s age. The most recent bout of problems was due to postfix, and a specific domain that I host mail for.

I had previously set up Policyd in an attempt to stop the influx of spam before it ever hit the server, but it wasn’t doing anything at this point. So approximately 800 messages per minute were getting directly to Postfix, and then running queries against MySQL (I use virtual maps for users, aliases, domains, etc). 99% of these messages were to non-existant users, so Postfix would bounce them. But the little 2.0GHz Celeron couldn’t handle it. The load shot up to 8 for around 3 weeks, and stayed there. I wish the fail2ban idea had come to me sooner… Lire la suite…