Check out the iredmail for easy installation and management of Postfix with mysql and some extras .It is basically a script , that downloads necessary files, configure the database and everything for you and also installs a front end web interface. I usually replace the frontend with postfix admin , but iredadmin is not bad either. http://www.iredmail.org/ Thanks *Amit K Nepal Chief Information Officer (RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist) omNovia Technologies Inc. * On 12/8/2014 11:53 AM, Keith Smith wrote: > > Hi Austin, > > Bind and mail are new to me. I can do the LAMP part. I've looked at > webmin and would like to stay away from it. I think webmin is a great > resource, however I really want to do this from the command line. > > Between the docs, Google, YouTube, and you guys so graciously helping > me, I should be able to learn this at the command line. > > Thank! > Keith > > > On 2014-12-08 12:09, JD Austin wrote: >> If all of this is new to you install webmin (but don't allow it >> outside of your firewall):http://www.webmin.com/ [1] >> >> -- JD Austin >> Voice: 480.269.4335 (480 2MY Geek) >> jd@twingeckos.com >> >> On Mon, Dec 8, 2014 at 10:11 AM, Keith Smith >> wrote: >> >>> Sorry guys. I should have given more info. >>> >>> I'm a LAMP developer. I am increasingly doing more sys admin >>> stuff. I home office. I have a Cox business account that allows >>> me to run a server. I bought a Dell i5 / 8GB RAM for this >>> project. I have never configured BIND or any email server. It is >>> my goal to do so. One LAMP+Dind+Mail server in my home office. >>> >>> I installed CentOS 7 on the Dell and am hoping to use this project >>> to learn how to mange a server from top to bottom. I have no problem >>> configuring a LAMP server. It is Bind and >>> Postfix+Dovecott+Spamassassin+MySql that I need help with. >>> >>> I figure by running my own server I will learn a lot and round out >>> my skills. >>> >>> So that is my project...... >>> >>> Thank you so much for your help!! I'm sure I will have lots of >>> questions along the way. >>> >>> Keith >>> >>> On 2014-12-08 10:40, der.hans wrote: >>> >>> Am 08. Dez, 2014 schwätzte Michael Butash so: >>> >>> moin moin, >>> >>> On 12/07/2014 10:42 PM, der.hans wrote: >>> Am 07. Dez, 2014 schwätzte Michael Butash so: >>> >>> You'll want to allow tcp/53 if doing any sort of public dns - >>> anything greater than 1500 bytes (ie most domain-keys//spf records), >>> and also any >>> >>> True, if you're doing those things, you might have large dns >>> payloads and >>> need tcp. If you think they cause problems rather than fixing them, >>> then >>> ... >> "Normal" use of these yes, but imho better just to leave it be >> serviced anyways, especially if any sort of provider for others. >> >> Yeah, I suppose I pre-optimized and presumed this would be home, non >> 3rd >> party use for Keith. >> >>> anomaly mitigation gear (the things that keep 400gb DDoS at bay) >>> use that to >>> >>> What would anomaly mitigation gear be doing to cause large dns >>> payloads? >>> That's a serious question as I don't even know what anomaly >>> mitigation >>> gear is. >> It's not a large payload issue, it's a method of them validating who >> is a script opening a raw udp socket to spew junk, etc vs. a "real" >> RFC-compliant client by sending that truncate bit back to the client, >> making them request via tcp, and thus doing something more than legit >> aiming a cannon. >> >> Hmm, this isn't making sense to me. Are you saying a client makes a >> request to your dns service and you force the client over to tcp >> lookups? >> If so, does that cause the rest of the recursive lookup to other >> servers >> to be tcp as well? >> >>> Having worked for one of those large hosting companies that gets >>> those 300gb ddos attacks you read about (not to mention being >>> responsible for dealing with them), you need something to do >>> mitigate botnet blasts automagically, >> >> Most of our protocols could use some updates. >> >>> and luckily some smart people figure out protocol challenge >>> behavioral hacks to do that. I remember back in 2003 needing to >>> open firewalls to allow tcp for our dns just for that alone when >>> ddos became vogue among warring customers, but became more common at >>> various other businesses to have to address allowing tcp as well for >>> spf and others. >>> >>> It also broke some remote providers that blocked tcp/53 as well for >>> some reason when our devices couldn't "validate" them, adding them >>> to a drop list vs. whitelisting them as "valid" clients. >> >> Did those remote providers block tcp/53 for client or just for server >> ( >> only incoming syn blocks )? >> >>> Not that big a deal running a server at your house, and never using >>> dkim/spf. I think most default cisco asa firewall configs still >>> filter udp dns protocol traffic by default over 512 too. >>> >>> figure our if you're real or not. Blocking tcp for dns is not a >>> good idea as a whole, it's just RFC-compliant behavior things >>> expect. >>> >>> As I recall, the RFC only specifies tcp for large payloads. Don't >>> allow >>> them and tcp isn't necessary. >> Less is more I suppose when talking firewalls, just know when you >> *do* need things like tcp-based dns. >> >> Yeah, good thing for Keith that you're pointing out that a service >> provider probably has to leave tcp/53 exposed, especially when using >> newer >> dns record 'features'. >> >> ciao, >> >> der.hans >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2] >> >> -- >> Keith Smith >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss [2] >> >> >> Links: >> ------ >> [1] http://www.webmin.com/ >> [2] http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >