<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Check out iRedMail for easy
installation and management of Postfix with MySQL and some extras.
It is basically a script that downloads the necessary files,
configures the database and everything for you, and also installs a
front-end web interface. I usually replace the front end with
Postfix Admin, but iRedAdmin is not bad either.<br>
<br>
<br>
<a class="moz-txt-link-freetext" href="http://www.iredmail.org/">http://www.iredmail.org/</a> <br>
<br>
Thanks<br>
<br>
<div class="moz-signature"><b>Amit K Nepal<br>
Chief Information Officer
<br>
(RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)<br>
omNovia Technologies Inc.
</b></div>
On 12/8/2014 11:53 AM, Keith Smith wrote:<br>
</div>
<blockquote
cite="mid:bcc69d793d3320faf2ca425fb71f6595@phpcoderusa.com"
type="cite">
<br>
Hi Austin,
<br>
<br>
Bind and mail are new to me. I can do the LAMP part. I've looked
at webmin and would like to stay away from it. I think webmin is
a great resource, however I really want to do this from the
command line.
<br>
<br>
Between the docs, Google, YouTube, and you guys so graciously
helping me, I should be able to learn this at the command line.
<br>
<br>
Thanks!
<br>
Keith
<br>
<br>
<br>
On 2014-12-08 12:09, JD Austin wrote:
<br>
<blockquote type="cite">If all of this is new to you, install
webmin (but don't allow it
<br>
outside of your firewall): <a class="moz-txt-link-freetext" href="http://www.webmin.com/">http://www.webmin.com/</a> [1]
<br>
<br>
-- JD Austin
<br>
Voice: 480.269.4335 (480 2MY Geek)
<br>
<a class="moz-txt-link-abbreviated" href="mailto:jd@twingeckos.com">jd@twingeckos.com</a>
<br>
<br>
On Mon, Dec 8, 2014 at 10:11 AM, Keith Smith
<br>
<a class="moz-txt-link-rfc2396E" href="mailto:techlists@phpcoderusa.com">&lt;techlists@phpcoderusa.com&gt;</a> wrote:
<br>
<br>
<blockquote type="cite">Sorry guys. I should have given more
info.
<br>
<br>
I'm a LAMP developer. I am increasingly doing more sys admin
<br>
stuff. I home office. I have a Cox business account that
allows
<br>
me to run a server. I bought a Dell i5 / 8GB RAM for this
<br>
project. I have never configured BIND or any email server. It
is
<br>
my goal to do so. One LAMP+Bind+Mail server in my home
office.
<br>
<br>
I installed CentOS 7 on the Dell and am hoping to use this
project
<br>
to learn how to manage a server from top to bottom. I have no
problem
<br>
configuring a LAMP server. It is Bind and
<br>
Postfix+Dovecot+SpamAssassin+MySQL that I need help with.
<br>
<br>
I figure by running my own server I will learn a lot and round
out
<br>
my skills.
<br>
<br>
So that is my project......
<br>
<br>
Thank you so much for your help!! I'm sure I will have lots
of
<br>
questions along the way.
<br>
<br>
Keith
<br>
<br>
On 2014-12-08 10:40, der.hans wrote:
<br>
<br>
On 08 Dec 2014, Michael Butash chattered thus:
<br>
<br>
moin moin,
<br>
<br>
On 12/07/2014 10:42 PM, der.hans wrote:
<br>
On 07 Dec 2014, Michael Butash chattered thus:
<br>
<br>
You'll want to allow tcp/53 if doing any sort of public dns -
<br>
anything greater than 1500 bytes (i.e. most domain-keys/spf
records),
<br>
and also any
<br>
<br>
True, if you're doing those things, you might have large dns
<br>
payloads and
<br>
need tcp. If you think they cause problems rather than fixing
them,
<br>
then
<br>
...
<br>
</blockquote>
"Normal" use of these yes, but imho better just to leave it be
<br>
serviced anyways, especially if any sort of provider for others.
<br>
<br>
Yeah, I suppose I pre-optimized and presumed this would be
home, non
<br>
3rd
<br>
party use for Keith.
<br>
<br>
<blockquote type="cite">anomaly mitigation gear (the things that
keep 400gb DDoS at bay)
<br>
use that to
<br>
<br>
What would anomaly mitigation gear be doing to cause large dns
<br>
payloads?
<br>
That's a serious question as I don't even know what anomaly
<br>
mitigation
<br>
gear is.
<br>
</blockquote>
It's not a large payload issue, it's a method of them
validating who
<br>
is a script opening a raw udp socket to spew junk, etc vs. a
"real"
<br>
RFC-compliant client by sending that truncate bit back to the
client,
<br>
making them request via tcp, and thus doing something more than
legit
<br>
aiming a cannon.
<br>
<br>
Hmm, this isn't making sense to me. Are you saying a client
makes a
<br>
request to your dns service and you force the client over to
tcp
<br>
lookups?
<br>
If so, does that cause the rest of the recursive lookup to
other
<br>
servers
<br>
to be tcp as well?
<br>
<br>
<blockquote type="cite">Having worked for one of those large
hosting companies that gets
<br>
those 300gb ddos attacks you read about (not to mention being
<br>
responsible for dealing with them), you need something to do
<br>
mitigate botnet blasts automagically,
<br>
</blockquote>
<br>
Most of our protocols could use some updates.
<br>
<br>
<blockquote type="cite">and luckily some smart people figure out
protocol challenge
<br>
behavioral hacks to do that. I remember back in 2003 needing
to
<br>
open firewalls to allow tcp for our dns just for that alone
when
<br>
ddos became vogue among warring customers, but became more
common at
<br>
various other businesses to have to address allowing tcp as
well for
<br>
spf and others.
<br>
<br>
It also broke some remote providers that blocked tcp/53 as
well for
<br>
some reason when our devices couldn't "validate" them, adding
them
<br>
to a drop list vs. whitelisting them as "valid" clients.
<br>
</blockquote>
<br>
Did those remote providers block tcp/53 for client or just for
server
<br>
(only incoming syn blocks)?
<br>
<br>
<blockquote type="cite">Not that big a deal running a server at
your house, and never using
<br>
dkim/spf. I think most default cisco asa firewall configs
still
<br>
filter udp dns protocol traffic by default over 512 too.
<br>
<br>
figure out if you're real or not. Blocking tcp for dns is not
a
<br>
good idea as a whole, it's just RFC-compliant behavior things
<br>
expect.
<br>
<br>
As I recall, the RFC only specifies tcp for large payloads.
Don't
<br>
allow
<br>
them and tcp isn't necessary.
<br>
</blockquote>
Less is more I suppose when talking firewalls, just know when
you
<br>
*do* need things like tcp-based dns.
<br>
<br>
Yeah, good thing for Keith that you're pointing out that a
service
<br>
provider probably has to leave tcp/53 exposed, especially when
using
<br>
newer
<br>
dns record 'features'.
<br>
<br>
ciao,
<br>
<br>
der.hans
<br>
---------------------------------------------------
<br>
PLUG-discuss mailing list - <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
<br>
To subscribe, unsubscribe, or to change your mail settings:
<br>
<a class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a> [2]
<br>
<br>
--
<br>
Keith Smith
<br>
<br>
<br>
<br>
Links:
<br>
------
<br>
[1] <a class="moz-txt-link-freetext" href="http://www.webmin.com/">http://www.webmin.com/</a>
<br>
[2] <a class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
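The truncate-bit challenge discussed in the quoted thread, modeled offline as an added Python example that is not part of the original messages or of any vendor's product. The `ChallengeGate` class, the `resolve` client and the sample addresses are constructed assumptions; only the DNS header layout and the TC/QR flag values are standard.

```python
import struct

QR_FLAG = 0x8000  # response bit in the DNS header flags word
TC_FLAG = 0x0200  # truncation bit: "answer did not fit, retry over TCP"

def build_query(txid, qname, qtype=16):
    """Build a minimal DNS query without EDNS (constructed sample)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def truncated_reply(query):
    """Echo the question with QR and TC set and zero answer records."""
    txid, flags = struct.unpack("!HH", query[:4])
    header = struct.pack("!HHHHHH", txid, flags | QR_FLAG | TC_FLAG, 1, 0, 0, 0)
    return header + query[12:]

def is_truncated(reply):
    """True when the message is a response with the TC bit set."""
    flags = struct.unpack("!H", reply[2:4])[0]
    return bool(flags & QR_FLAG) and bool(flags & TC_FLAG)

class ChallengeGate:
    """Hypothetical model of a mitigation device in front of a DNS server."""
    def __init__(self):
        self.validated = set()

    def handle(self, src_ip, transport, query):
        if transport == "tcp":
            # A completed TCP handshake shows the source address is not spoofed.
            self.validated.add(src_ip)
            return "forward"
        if src_ip in self.validated:
            return "forward"
        return truncated_reply(query)  # unknown UDP source: challenge it

def resolve(gate, src_ip, query, tcp_allowed=True):
    """Stub client that follows the RFC behaviour: retry over TCP on TC."""
    result = gate.handle(src_ip, "udp", query)
    if result == "forward":
        return "answered-udp"
    if is_truncated(result):
        if not tcp_allowed:
            return "failed"  # a firewall dropping tcp/53 breaks the lookup
        gate.handle(src_ip, "tcp", query)
        return "answered-tcp"
    return "failed"
```

A client whose path blocks tcp/53 never reaches the validated set, which matches the breakage the thread describes for remote providers that filtered TCP DNS.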
</body>
</html>