On Sun, 15 Mar 2015 11:42:38 -0700, Joris Bolsens wrote:
>> Confirming "mail server" will keep you busy - especially the initial
>> configuration (there will be a lot of "WTF, now what'd I do!?" moments,
>> if you're like me).
>>
>> But yeah, postfix + dovecot (or other sasl agent) is pretty 'secure' in
>> terms of not getting blindly turned into a mail relay. Throw
>> spamassassin, greylists, and sieve scripts (server-side routing rules)
>> on top of the basic configuration and you'll end up with a really nice
>> MTA. I like mine better than gmail.

> Do you have any tutorials or something on how to set up "spamassassin,
> greylists, and sieve scripts"?

Honestly, I can't remember /where/ I got all the tutorials from. Most of
them were probably "google for a bit, oh hey, that sounds promising".

Though, I have this page bookmarked; so it must've been something
important when I was initially stumbling through things.

http://www.freesoftwaremagazine.com/articles/focus_spam_postfix

>>
>> If you've got a need to reach it from "anywhere", and don't necessarily
>> always have a laptop, then adding a web MUA (such as horde) is another
>> project.
>>
> Horde's webmail looks pretty awesome, will definitely look into that.

Yeah, it's pretty nice (once you kick it a couple of times and get it
playing nice with the server -- or maybe I'm just bad at following
instructions :) ).

For mine, it even includes a mobile-friendly interface right out of the
box; although it unfortunately doesn't include PGP or S/MIME support in
that mode. Desktop version does though, you just have to choose that
instead when you log in. Kind of a pain when I have to send mail from my
phone (no one I know encrypts mail to me in the first place, so I can
just use a generic mail app on said phone). But honestly, I'm sending
little enough mail from my mobile that I haven't bothered really digging
into it and seeing about changing that.

>> In either event, I strongly recommend that you purchase a certificate
>> for mail.yourdomain.com, and use it. It's overall easier (or at least
>> in my experience, switching from the self-signed to the CA-signed cert
>> made things easier).
>>
> Where do you recommend I get one of these? I tried the startssl thing,
> but chrome still complains that it's not legit.

I used the 60 (90?) day freebie one from comodo until purchasing one from
them. Biggest problem I ran into was needing to update one PC's root
certificates.

Though you have to be specific -- if your server is
server.yourdomain.com; but you're giving it the hostname
"mail.yourdomain.com" for use with postfix/dovecot/horde, you've got to
request the cert for "mail.yourdomain.com". Same goes for "www" or any
other hostname / prefix that you want to use (unless you go with a
wildcard, which is crazy expensive).

>> Since it's remote, maybe a reverse ssh setup so you can get "home"?
>>
>>
> I know what those words mean, but I have no idea what they mean when
> they are put in that order, care to elaborate? xD
>

A "reverse SSH" tunnel is a SSH tunnel that works in reverse -- i.e.
you're making a connection from "host1" to "server" that's intended to
let "host2" hop through, and get back to "host1".

Let's say you're on a typical residential setup (DHCP), and your ISP has
a REALLY terrible modem / router / firewall combo unit wherein you're
unable to open ports or swap it over to bridge mode. So, even if you set
up dyndns, you're not getting through your ISP crapbox.

So, you create a reverse ssh tunnel from your home desktop (or NAS,
whatever) over to your AWS server (or whatever).

    ssh -R 9999:localhost:22 someuser@AWS_Server

This sets up a ssh tunnel "from" your AWS server to your box behind the
crappy firewall on port 9999.

So then to connect to it (say from your local starbucks)

1. ssh youruser@AWS_Server  <-- this logs you into the AWS server you have
2. ssh localhost -p 9999    <-- this connects you to the reverse tunnel
                                back to your home PC / NAS / whatever.

I've actually used this a couple of times to help out family who I've
upgraded to Linux --> put a shell script on their desktop named something
like "PC Help" which fires up the reverse SSH connection for them to my
server, and I just keep a list of whose computers are on what ports.

I'm sure there are more automatic ways to get around it, but having it be
something they have to click on works out better as it's easier to
explain on the phone.
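
An added example, not part of the original message: a sketch of a "PC Help"-style launcher that looks up a machine's port in a per-machine list and builds the reverse-tunnel command with the listener bound to the relay's loopback only. The machine names and port table are constructed; someuser@AWS_Server is the placeholder used in the message.

```shell
#!/bin/sh
# Added example: reverse-tunnel launcher with a per-machine port list.
# Constructed port table: one "name port" pair per line.
PORT_TABLE='mom-desktop 9999
dad-laptop 10000
aunt-nas 10001'

# Print the relay port assigned to a machine name; fail if missing or invalid.
lookup_port() {
    port=$(printf '%s\n' "$PORT_TABLE" | awk -v n="$1" '$1 == n { print $2; exit }')
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Stay in the unprivileged range: forwarding a privileged port
    # requires logging in to the relay as root.
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Print the ssh command line for machine $1 connecting to relay $2.
#  -N -T                  no remote command, no tty: the session is tunnel-only
#  ExitOnForwardFailure   fail loudly if the port is already taken on the relay
#  ServerAlive*           drop a dead tunnel instead of hanging forever
#  -R 127.0.0.1:PORT:...  listener reachable only from the relay itself
build_tunnel_cmd() {
    port=$(lookup_port "$1") || { echo "no port assigned for $1" >&2; return 1; }
    printf 'ssh -N -T -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:22 %s\n' \
        "$port" "$2"
}

# Only connect when asked to, e.g.:  pc-help.sh --connect mom-desktop
if [ "${1:-}" = "--connect" ]; then
    cmd=$(build_tunnel_cmd "$2" "someuser@AWS_Server") || exit 1
    exec $cmd
fi
```

Because the listener is bound to 127.0.0.1 on the relay, the home machine's sshd is reachable only by someone already logged in to the relay, which matches the two-step connection in the message.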