Security :: Secure Webmail - SMTP Relay In DMZ?
Apr 11, 2010
When you set up a webmail solution these days, either on your home LAN or at a small business, what steps do you take to make the solution as secure as possible? A couple of years ago it was sufficient to port forward both port 25 and 80/443 to your server located on the internal LAN. Today you're more likely to have an SMTP relay in a DMZ of some kind. But the webmail, how do you solve this? Do you place a dedicated webmail frontend in the DMZ and open ports towards the internal LAN, or do you just place the entire server in the DMZ? I'm looking for input for a small network/home LAN, so it shouldn't be too complex.
May 17, 2010
I downloaded IPKungFu, which is supposed to do this for me, except it did not, according to a penetration site. Help me configure IPKungFu perfectly. I did look at this site: IPKungFu easy iptables based server firewall - zarzax the blog
Results
rv @rv-laptop:~$ sudo ipkungfu
Checking integrity: ..PASSED
Checking MD5 Hash of config files:OK
[code]....
Jun 29, 2011
I've tried googling this, and am having trouble finding something that doesn't end up being dizzying or confusing.
I was wondering if anybody could provide me with a concise, conclusive answer/guide.
I have a set of servers which require redundant SMTP relay. The first two of their SMTP relays are their own SMTP servers, and as such, are not dependable in the event that their network/servers go down. Their monitoring software runs on their machines as well, and uses the SMTP servers they themselves host.
I need to set up an external SMTP relay box that they can use to relay their monitoring alerts/admin notices in the case that their mailservers go down.
I have a company exchange server with pop/imap support @ my disposal but, unfortunately, that box runs Windows and does not permit any changes to services or additional software to add for the purposes of relaying clients.
So now, I need to create a dedicated linux box that can act as a relay to send email coming from the monitoring/admin/alert software in case their first two smtp servers have gone down.
Jul 27, 2009
I have a linux box on my DMZ with postfix on it. I have exchange on our internal LAN on 10.152.0.104.
Jan 19, 2010
I want to run a DMZ postfix smtp relay that will collect and relay several domains; this I can do. But is it possible to then relay each domain to a different server? If so, how, and what setup is needed?
May 15, 2011
I want to set up sendmail using my username and password on my ISP to be able to send out messages. This is actually true as the mylocaldomain is not a public Internet domain. Just a localdomain for our local network. However, I was expecting that to change to the username in my authinfo "myusername@myispdomain" since this account is authorized to send out email with my ISP.
Mar 23, 2010
I just finished installing & setting up postfix & spamassassin. I can send & receive email from my local area network. I already installed a webmail client & I can send and receive. When using my PDA from outside my network I can receive, but I can send email to my domain only. For other domains it's an error: relay access denied. Here is my postfix configuration.
Jan 26, 2010
I've searched high and low. Does anyone know how to configure Postfix/Dovecot to use another SMTP server (i.e. smtp.comcast.net) as my ISP blocks port 25?
Jun 15, 2010
I am new to the Ubuntu Community and just starting to build my Ubuntu 10.04 Server. I am a novice in Ubuntu, though maybe not a full n00b any more.
I travel around a lot with my laptop, (also Ubuntu 10.04). However, my ISP does not allow me to send email via their SMTP when I am not in their IP range.
Since I have this little server I am building, I thought it would be nice if I could have my own SMTP relay. The objectives would be simple:
- I do not need a mailbox or POP server (yet).
- I wish to send email from any place in the world. I can not use a filter on IP ranges or local networks only.
- If my server could do this, I just configure Evolution on my laptop to send mail to my home IP address, using some sort of authentication and/or security/encryption (whichever is easy to implement).
- My server then just forwards my mail to my ISP. Since the server is inside the IP range, it can be handled as usual.
I have been digging through several howto's and the ubuntu server guide, searching some forums etc. Even while I don't fully grasp the things explained, I can't get the idea that one of those is "Just what I need".
Even still, if there is some other service outside my own that can do this (a public SMTP relay maybe?) I would also be happy to consider as long as it is safe and does not "eavesdrop" on my messages.
Aug 18, 2010
I have set up my own home server. All the applications are working perfectly except one: I can't send emails. I checked whether my smtp has any errors or not; well, I got this
Code:
SMTP -> FROM SERVER:
220 server1.example.com ESMTP Postfix (Ubuntu)
SMTP -> FROM SERVER:
[code]....
Mar 4, 2011
My O/S is CentOS. What is used when mailing out? sendmail, posix, mailX???
And How do I configure it?
Need to use my ISP mail server, otherwise my IP gets flagged for spam.
Jul 2, 2010
My postfix is ok with receiving emails but I can send mail to my domain only [URL]. When I want to send to other domains I receive this error (in the maillog):
Quote:
postfix/smtpd[14172]: NOQUEUE: reject: RCPT from 93-46-46-73.ip106.fastwebnet.it[93.46.46.73]: 554 5.7.1 <giannileggio@shoppeo.com>: Relay access denied; from=<info@sampledomain.com> to=<giannileggio@shoppeo.com> proto=ESMTP helo=<[36.234.52.97]>
It is the same via thunderbird or via telnet. This is my configuration:
Quote:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
[code]....
I used 'sampledomain' instead of my real domain
Aug 9, 2011
On my opensuse 11.4 box (although I assume the version is irrelevant), I'm trying to figure out how to do something with the mail command. We have multiple smtp relay servers and sometimes I have to test to verify that mail is bouncing off of them successfully. On my laptop, in my main.cf file for postfix, I've got the relay server listed. But to test multiple servers, I have to change the main.cf, restart postfix, send message, and then repeat for each test.
I'm trying to figure out a way to specify the smtp relay on the command line. I've been playing with the -S option which is supposed to allow variables and one of the variables in the man page is 'smtp'. I've tried several different syntaxes but nothing seems to work.
The closest I've come is:
mail -S smtp 10.1.0.63 -s "test" user@email.com < main.cf
That syntax doesn't give me an error but it still routes the message off the smtp server listed in main.cf which is not 10.1.0.63.
Feb 11, 2011
I'm trying to set up my postfix server to relay mail (via a php cms) using Gmail's smtp on my account, but for some reason, Gmail returns an error code that StartTLS must be sent first. My postfix main.cnf file can be found at pastebin; because of this forum's text length I cannot paste my postfix main.cnf file. As can be seen, I have everything set and configured for Gmail, but postfix (for some unseen reason) cannot send StartTLS. [URL].
Sep 2, 2010
I'm running ASSP on Ubuntu 10.04.1; it's mostly working fine. I have one problem which has been bugging me for some time. I don't want to filter outbound mail, but if I can relay (proxy) my outbound mail through ASSP, then it can automatically add to the whitelist.
As ASSP is a proxy, I need a server to send it to once ASSP receives it. I've tried my ISP, but this failed and they weren't willing to confirm if a connection attempt was received at their end.
Current setup
Inbound
mx -> router -> ASSP -> Exchange 2003
Outbound
Exchange 2003 -> mx
I'd like to setup outbound as either
Exchange 2003 -> ASSP -> <ISP> SMTP relay
Exchange 2003 -> ASSP -> <relay running on Ubuntu eg postfix>
Can anyone help me with troubleshooting steps or a better suggestion for how I can set this up? I'd love to know why my ISP setup didn't work, but I don't know a tool for monitoring IP traffic in Ubuntu SE. In Windows I use Wireshark; is there any equivalent I can set up for Ubuntu, or a tool I can use in Windows which will show all traffic? Ubuntu and Windows server are on the same Netgear switch; not sure it's smart enough to copy all traffic to another port for monitoring.
Jun 7, 2011
Is the term a 'simple SMTP relay' a contradiction in terms?! I have an elderly Dell server on which I have just made a fresh install of 10.04 LTS server. I had 8.04 running on it for a long time, but I haven't tried an SMTP server before. It is a headless server with CLI (no GUI) and the latest version of Webmin installed. I have a basic LAMP server installed for a few websites using PHPbb and Joomla, and also I run a Mediatomb server for our household. When I installed I also chose to install mail services, but these remain masked behind NAT at the moment.
I now want to set up an SMTP relay server so when I am working away and using different wifi points or my notoriously unreliable 3G dongle I can always send emails through the home server (from my iPhone and my laptop) rather than having to look up the SMTP server for each ISP of the place where I am working.
What I want is an authenticated server which takes my email and redirects it to my home ISP's SMTP server. I need only 3 authenticated users to have access (myself, my wife and my son). I don't need (or want) any incoming mail services at all.
Useful modules installed are: Dovecot, Postfix, Procmail mail filter, PAM - but how do I set them up?
Is there any simple setup that I could do, preferably through Webmin, but I can handle CLI if necessary?
I have looked at the Ubuntu help pages, but it looks so complicated to set up something that seems like it should be so simple to me.
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
Apr 16, 2011
The server I'm running is virtually stock CentOS - it's running on a xen virtual host, started as CentOS 5.1 (32 bit) when that was fresh, it's at 5.5 now and updated nightly. All packages except postgresql and php are from CentOS and EPEL.
I'm running dovecot on it, and for long time, squirrelmail connecting via localhost was good enough. All external ports were firewalled by the CentOS firewall (just 25,80,443,custom ssh are currently open).
Now I need to allow an external imap client to connect.
I have generated ssl key and configured the dovecot configuration and it should be good to go, but gosh dangit, I can't remember how to open the port in the configuration.
I did it before when I set up ssh to run on a non standard port after I got sick of constant brute force attack on port 22, but I can't recall what I did and the various tutorials I find online all tell how to do it with the GUI tool, but I don't have any GUI stuff installed.
system-config-securitylevel-tui
is, I'm pretty sure, what I used to open up my custom > 1024 ssh port, but I can't remember how I used it to open that port and it doesn't seem intuitive. Also, do I need to use 993? I'd almost rather use something custom above 1024, as long as thunderbird supports it (don't care about any other mail client).
Finally, my smtp server is postfix and port 25 is already open (but not an open relay, I check it about every 3 months). For requests to send mail from a client, I would really like some authentication of some type - as in only relays for IP addresses that have recently successfully logged in the secure imap port.
Oct 7, 2010
I have successfully configured a local imap mail server following these instructions: url
Now I would like to make it available via webmail too. Is there an easy to install and configure webmail package?
Nov 24, 2010
I am using squid proxy in my office; now I cannot access the webmail. The url is url.
Feb 2, 2011
I have installed and configured mutt with gmail with no issues, following this documentation: Mutt with Gmail/IMAP [CrunchBang Linux Wiki]
I can send emails from mutt, but now I need to send email using scripts. If I try to use mutt from cmd line I have the following error.
trst:~ # echo "TESTING MUTT AND GMAIL SMTP RELAY" | mutt -s "url"
SSL connection using TLSv1/SSLv3 (RC4-MD5)
Interactive SMTP authentication not supported
Could not send the message.
The OS version: OPEN SUSE 11.3 Server installation (NO-GUI)
Feb 19, 2011
I'm trying to use different MTA servers (one for each domain) on the same public IP and port (25). Here I attach a graphic of my idea, to have a Postfix server that receives all incoming mail from internet, and relays to different local servers (esquema_mta-dns.jpg). How can the "Relayer MTA" be configured?
Oct 28, 2010
I would like to send emails from my server using my gmail account. Does anybody know how to do it?
OS = OPENSUSE 11.3 server installation - NO GUI....
Mar 8, 2010
I installed the citadel suite on ubuntu server 9.10. Email obviously works fine internally. I tried to set up a smart host to send my mail through as my isp (Verizon) obviously blocks port 25. I tried to send out the Verizon smtp server on port 587. In Administration > Domain names and Internet mail configuration > Smarthosts, my smarthost entry on the citadel configuration page above was username:password@outgoing.verizon.net:587 but after sending an outgoing email, it comes back with an "invalid/host-not-in-DNS return address not allowed"
I have also tried using gmail and a hotmail account with the respective smtp addresses in but they come back with "Must issue a STARTTLS command first". I have researched both messages and come up with squat that has helped me.
I know that my mail will have to go out through a smarthost of some kind. So am I on the right track with choosing verizon/gmail/or something else as my smtp relay, or is there a free service out there that I can send email through (haven't found one if there is)?
Anyone else ever set up Citadel and got around their isp blocking port 25? I am also not sold on citadel, it was just the first/nicest looking one that I found.
Oct 7, 2010
At the login webpage of <[URL]>, the Time Warner Cable (TWC) Webmail site, I am immediately confronted with a warning that the Security Certificate is invalid & that the site is untrusted. This occurs with Firefox, Seamonkey, & Konqueror. This does not occur on Microsoft or Apple systems; I have checked other colleagues' machines. I have manually overridden the warning & everything functions fine. I have contacted TWC & am awaiting their tests. But, I would like some independent corroboration from other users in the Linux community. Could some of you perform the test yourself on this URL? An error will be readily apparent.
Jan 31, 2010
I've got a server set up with Debian. The problem is that my ISP doesn't allow usage of port 25 (as I understand a lot of ISPs don't). I have PHP scripts that use the mail() function to send e-mails through the Sendmail application. So, my question is: How can I relay messages sent to sendmail to an external SMTP server (like Google Mail, for example)? Would this be easier to do in the PHP configuration, or on the Sendmail side of things? I've used PEAR extensions in PHP to achieve this before, but scripts downloaded from the Internet generally just use the basic mail() function, and it would be a real pain to modify them all.
Mar 1, 2011
Which is more secure, webmail email providers such as Yahoo or Linux desktop email clients such as Evolution?
Jul 26, 2010
In my Windows environment, I use email client such as Microsoft Outlook to connect to our email server to send email with the following configuration:
Incoming server (POP3): 995 - (requires with SSL)
Outgoing server (SMTP): 465 - (use encrypted connection SSL)
[code]....
And the mail server requires user ID login and password. How do I set up a text command based email client in my Linux (Centos 5.1) to send out email through the existing email server above, which is in another machine? The email client has to be text command based because I need to use command line to send notification email from another application installed in my Linux (Centos 5.1). Since the email client will only be used to send email notification, I don't require setting up of an email server in my linux.
Jul 11, 2010
I seem to be missing a secure.log or security.log file. I have Ubuntu 10.04 and can't find this file. I looked in the /var/log and ran a search command to no avail. Does anyone know where this file is, or is it called something else? I'm looking for a file that logs any change to the security settings of the system.
Dec 14, 2010
I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.
[code]...