Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
centos-bounces@centos.org wrote on 06.12.2012 14:42:05:
Robert Moskowitz rgm@htt-consult.com
Sent by: centos-bounces@centos.org
06.12.2012 14:42
Please reply to: CentOS mailing list centos@centos.org
To: CentOS mailing list centos@centos.org
Cc:
Subject: [CentOS] courier mail for Centos
Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hello Robert,
Why don't you use dovecot? I've the same environment with postfix, mysql, dovecot, squirrelmail, running for a very long time.
Kind regards,
Andreas Reschke
Unix/Linux-Administration Andreas.Reschke@behrgroup.com
On 12/06/2012 08:47 AM, Andreas Reschke wrote:
centos-bounces@centos.org wrote on 06.12.2012 14:42:05:
Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
Hello Robert,
Why don't you use dovecot? I've the same environment with postfix, mysql, dovecot, squirrelmail, running for a very long time.
Can you point me to dovecot install/setup instructions?
I have no strong feelings of one over the other. Just that things work well!
centos-bounces@centos.org wrote on 06.12.2012 15:11:29:
Robert Moskowitz rgm@htt-consult.com
Sent by: centos-bounces@centos.org
06.12.2012 15:12
Please reply to: CentOS mailing list centos@centos.org
To: CentOS mailing list centos@centos.org
Cc: Andreas Reschke Andreas.Reschke@behrgroup.com
Subject: Re: [CentOS] Antwort: courier mail for Centos
On 12/06/2012 08:47 AM, Andreas Reschke wrote:
centos-bounces@centos.org wrote on 06.12.2012 14:42:05:
Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
Hello Robert,
Why don't you use dovecot? I've the same environment with postfix, mysql, dovecot, squirrelmail, running for a very long time.
Can you point me to dovecot install/setup instructions?
I have no strong feelings of one over the other. Just that things work well!
Hello Robert,
there are many howtos on the net.
For example I've found:
http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent5VirtMail...
http://wiki.centos.org/HowTos/postfix
http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL
https://shamuntoha.wordpress.com/2010/01/04/centos-postfix-postfixadmin-adva...
These are only a few (I've not tested any of them).
Kind regards,
Andreas Reschke
Unix/Linux-Administration Andreas.Reschke@behrgroup.com
On 12/06/2012 09:24 AM, Andreas Reschke wrote:
centos-bounces@centos.org wrote on 06.12.2012 15:11:29:
On 12/06/2012 08:47 AM, Andreas Reschke wrote:
centos-bounces@centos.org wrote on 06.12.2012 14:42:05:
Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
Hello Robert,
Why don't you use dovecot? I've the same environment with postfix, mysql, dovecot, squirrelmail, running for a very long time.
Can you point me to dovecot install/setup instructions?
I have no strong feelings of one over the other. Just that things work well!
Hello Robert,
there are many howtos on the net.
For example I've found:
http://www.campworld.net/thewiki/pmwiki.php/LinuxServersCentOS/Cent5VirtMail...
http://wiki.centos.org/HowTos/postfix
http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL
https://shamuntoha.wordpress.com/2010/01/04/centos-postfix-postfixadmin-adva...
These are only a few (I've not tested any of them).
I have glanced at these and see a challenge.
First, ClearOS will NOT support my mail requirements, as I create users by domain, i.e. user@domain, and ClearOS allows a user to send/receive mail from all configured domains.
It looks like at least the howto on dovecot.org above works the same.
Further it looks like dovecot keeps all the mail in one database? I can't be sure. The way I am running right now is that each user's mail is a file per message in:
/home/vmail/domain/user
The maildrop module (I think) does this distribution.
I will spend a bit more time digging into dovecot to see what it will take to set it up for user@domain functionality. Maybe it does in these howtos, but I don't see it....
On Thu, Dec 6, 2012 at 12:53 PM, Robert Moskowitz rgm@htt-consult.com wrote:
I have glanced at these and see a challenge.
First, ClearOS will NOT support my mail requirements, as I create users by domain, i.e. user@domain, and ClearOS allows a user to send/receive mail from all configured domains.
That might be something you can change. What is it that you want to happen? It tends to be awkward if you are mostly mapping mail usernames to unix logins but you want exceptions that don't mesh with aliases or virtual users.
It looks like at least the howto on dovecot.org above works the same.
It should be up to postfix or sendmail to figure out what addresses to accept and how to alias them for delivery. Dovecot should only see the delivered file copies - cyrus would do the local delivery itself but only after postfix/sendmail hands off to it. Or are you talking about a user agent login from (say) thunderbird having the same login name in two different domains and seeing different mailboxes when they connect to the same actual server?
Further it looks like dovecot keeps all the mail in one database? I can't be sure. The way I am running right now is that each user's mail is a file per message in:
/home/vmail/domain/user
The maildrop module (I think) does this distribution.
Cyrus has its own DB format, but I think it is ultimately one message per file, so good for incremental backups. It has a fairly complete tool set of its own if you need to move things around and there are generic imap mailbox sync tools that don't care about the underlying storage. Dovecot can work with either mbox (one file per user) or maildir layout. You just have to configure delivery and dovecot the same way.
I will spend a bit more time digging into dovecot to see what it will take to set it up for user@domain functionality. Maybe it does in these howtos, but I don't see it....
How does user@domain1 log in differently than user@domain2 to the same host? Or does delivery land in the same mailbox?
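An added example, not part of any message in this thread, of the point above that delivery and Dovecot have to be configured the same way: a Postfix virtual-mailbox setup and a Dovecot 2.x configuration that both resolve user@domain to the maildir /home/vmail/domain/user. The two domains, the uid/gid 5000 for the mail-owning account, the hash map and the passwd-file path are assumptions for illustration; the setup discussed in the thread uses MySQL lookups and maildrop instead.

```conf
# --- /etc/postfix/main.cf (delivery side) ---
# Assumed domains; every address is its own mailbox, with no unix login behind it.
virtual_mailbox_domains = domain1.example, domain2.example
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
# Assumed uid/gid of the unprivileged account that owns /home/vmail.
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

# --- /etc/postfix/vmailbox (run "postmap /etc/postfix/vmailbox" after editing) ---
# Paths are relative to virtual_mailbox_base.
# The trailing slash selects maildir format (one file per message).
user@domain1.example    domain1.example/user/
user@domain2.example    domain2.example/user/

# --- Dovecot 2.x, e.g. /etc/dovecot/conf.d/10-mail.conf (access side) ---
# %d = domain part, %n = local part of the login name, so the login
# user@domain1.example opens /home/vmail/domain1.example/user,
# the same directory Postfix delivers to.
mail_location = maildir:/home/vmail/%d/%n
# Only the mail-owning uid may be used; never root or a system account.
first_valid_uid = 5000
last_valid_uid = 5000

# --- Dovecot 2.x, e.g. /etc/dovecot/conf.d/10-auth.conf ---
# Keep the full lower-cased address as the username, so the same local
# part in two domains is two distinct accounts with distinct mailboxes.
auth_username_format = %Lu
# Refuse plaintext logins on connections that are not encrypted.
disable_plaintext_auth = yes
passdb {
  driver = passwd-file
  # Assumed file of "user@domain:{SHA512-CRYPT}hash" entries.
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/users
}
userdb {
  driver = static
  args = uid=5000 gid=5000 home=/home/vmail/%d/%n
}
```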
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
Not by any reputable repo, no. Use dovecot which is supplied by CentOS.
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise.
Sigh, I just made the mistake of browsing through that article and I fear I have given myself brain cancer as a result. Using Fedora's F14 postfix which is no longer supported in any way by Fedora; patching it making it even more difficult to maintain on your own; the inevitable "You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!)." recommendation, etc.
Bleah.
Really, just forget that site exists.
John
John R. Dennison wrote:
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
Not by any reputable repo, no. Use dovecot which is supplied by CentOS.
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise.
<snip> Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
mark
On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
On 06-12-2012 15:41, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey giles@coochey.net wrote:
On 06-12-2012 15:41, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support?
On 12/06/2012 10:57 AM, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 9:49 AM, Giles Coochey giles@coochey.net wrote:
On 06-12-2012 15:41, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support?
And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out.
On Thu, Dec 6, 2012 at 10:13 AM, Robert Moskowitz rgm@htt-consult.com wrote:
Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support?
And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out.
More like impossible in the general case, although you can always get any specific case to work if you spend enough time at it. But to catch some of the most likely known problems you need packet inspection to at least the level of URL filtering.
On 06/12/2012 16:24, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 10:13 AM, Robert Moskowitz rgm@htt-consult.com wrote:
Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
And you expect someone to be better at stopping this with iptables and a 'howto' than dedicated hardware and vendor training/support?
And outbound rule writing is very hard, as you have to sniff out traffic many times to figure out why an app is failing and then write a rule to allow that app out.
More like impossible in the general case, although you can always get any specific case to work if you spend enough time at it. But to catch some of the most likely known problems you need packet inspection to at least the level of URL filtering.
It's very difficult to build a technical firewall policy without a corporate Internet usage policy that backs it up. (Use of proxy for outbound traffic etc...), but with the right corporate policy in place it is possible to accomplish. There will always be some hosts that will have to be given full outbound access, not necessarily due to technical constraints, but due to procedural ones (devs won't or can't give the information on how the device needs to communicate). Full Outbound Access should be the exception rather than the rule - just think how clean the Internet would be if that was followed across the globe.
On Fri, Dec 7, 2012 at 5:47 AM, Giles Coochey giles@coochey.net wrote:
Full Outbound Access should be the exception rather than the rule - just think how clean the Internet would be if that was followed across the globe.
It would certainly provide job security for a lot of firewall administrators if it took human intervention to permit every new application to work.... Or you could replace 'clean' with 'useless' above.
On 12/06/2012 10:49 AM, Giles Coochey wrote:
On 06-12-2012 15:41, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
Filtering Inbound Firewalls are generally useless if the user of the system doesn't know what they're doing. A lot of intrusions these days are the result of inbound policy permitted traffic in causing someone to initiate an outbound connection that gets them hacked.
Which is why you need to have your outbound also restricted.
But then the things that go over port 80 is sad. Port firewalls can help with that.
On 12/06/2012 10:41 AM, Les Mikesell wrote:
On Thu, Dec 6, 2012 at 9:13 AM, m.roth@5-cent.us wrote:
Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls.
Which I have. A Juniper branch firewall that I was given for testing purposes. And I am subnetted up the gazoo; I have a 64 address CIDR allocation that I have subnetted to /29s and /28s. I also use RFC1918 extensively. After all, I am one of its authors :)
On 12/06/2012 10:13 AM, m.roth@5-cent.us wrote:
John R. Dennison wrote:
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
Not by any reputable repo, no. Use dovecot which is supplied by CentOS.
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise.
<snip> Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities?
I always have ignored turning off the firewall; it is not hard in Gnome to alter basic firewall behaviour and allow for ports like 576 (or whatever that SMTP port is; not looking it up right now).
In the past, turning selinux to permissive was my first step in setup, followed by moving SSH's port. Now I leave it as is and learn how to use semanage.
On Thu, Dec 06, 2012 at 11:08:07AM -0500, Robert Moskowitz wrote:
I always have ignored turning off the firewall; it is not hard in Gnome to alter basic firewall behaviour and allow for ports like 576 (or whatever that SMTP port is; not looking it up right now).
In the past, turning selinux to permissive was my first step in setup, followed by moving SSH's port. Now I leave it as is and learn how to use semanage.
What an absolute lovely breath of fresh air :) Someone that actually takes their job seriously and makes use of the tools provided. This is so refreshing from the normal selinux-related nonsense that pervades the world.
John
On Thu, Dec 6, 2012 at 1:25 PM, John R. Dennison jrd@gerdesas.com wrote:
I always have ignored turning off the firewall; it is not hard in Gnome to alter basic firewall behaviour and allow for ports like 576 (or whatever that SMTP port is; not looking it up right now).
In the past, turning selinux to permissive was my first step in setup, followed by moving SSH's port. Now I leave it as is and learn how to use semanage.
What an absolute lovely breath of fresh air :) Someone that actually takes their job seriously and makes use of the tools provided. This is so refreshing from the normal selinux-related nonsense that pervades the world.
Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them.
On Thu, Dec 06, 2012 at 01:30:40PM -0600, Les Mikesell wrote:
Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them.
Then let me sum this up thusly. If anyone is in the habit of managing systems with selinux set to disabled because "it's too hard" or "it takes too much time" or any number of other ridiculous excuses instead of learning to properly manage the systems with the tools and documentation provided then they need to reconsider their chosen career path as they are quite obviously not cut out for systems administration / engineering.
I manage many, many hundreds of systems. Not a single one has selinux disabled. I have _no_ problems in doing so. Does it take a little time to do it when first installing a package without a pre-packaged policy? Yes; and this is one reason you don't do this type of thing in a production environment. Is it less time than it takes to recover from a compromise? Yes; _many_ times less.
So you'll kindly pardon me if I don't accept lame excuses or what I consider faulty reasoning as to why one would not have selinux set to enforcing on any given box. I also consider any advocacy for disabling security tools versus understanding them and learning to work with them quite out of place on this or any other technical list. People should really just know better. As I know you'll want to get the last word in, Les, let it be known I won't reply to this thread any longer. The original author has already shown his willingness to do things properly and you just want a soapbox and I won't give you one.
John
John R. Dennison wrote:
On Thu, Dec 06, 2012 at 01:30:40PM -0600, Les Mikesell wrote:
Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them.
Then let me sum this up thusly. If anyone is in the habit of managing systems with selinux set to disabled because "it's too hard" or "it takes too much time" or any number of other ridiculous excuses instead of learning to properly manage the systems with the tools and documentation provided then they need to reconsider their chosen career path as they are quite obviously not cut out for systems administration / engineering.
I manage many, many hundreds of systems. Not a single one has selinux disabled. I have _no_ problems in doing so. Does it take a little time to do it when first installing a package without a pre-packaged policy? Yes; and this is one reason you don't do this type of thing in a production environment. Is it less time than it takes to recover from a compromise? Yes; _many_ times less.
<snip> The general CentOS mailing list: everyone's soapbox.
We've got selinux on permissive on almost every system. Perhaps your boxes are almost all production: most of ours are either dev or research. Even the production boxes - most have websites or apps written by developers with *zero* knowledge of selinux.
And then there are the third-party apps like that... or from the Windows world. For example, I've posted here in the past, and on the fedora selinux list, fighting CA's SiteMinder (we won't talk about the piece of crap that is, for which our tax dollars pay a *lot*), but it's *all* guesswork and make-do to even keep that working, and making selinux active would kill that most of the time, and we're *required* to use it.
Must be nice, working in an environment that can enforce selinux. This ain't it.
mark
I'd throw in to the mix - I have a lot of experience with *nix's - but limited time to learn things and must concentrate on what I need to know. I've never mastered SELinux and disable it - all the time. However, my needs are for my home network - which I administer. I have many hosts and quite a few VMs - but I don't think it's worth my time nor effort to use SELinux. Am I lazy - yes. Do I care - no.
Seems harsh what you said :( Maybe in a prod setting, you are correct - but chill :) This is a great mailing list...hate to see fighting or perceived fighting :(
On Thu, 6 Dec 2012, m.roth@5-cent.us wrote:
John R. Dennison wrote:
On Thu, Dec 06, 2012 at 01:30:40PM -0600, Les Mikesell wrote:
Sorry to burst your bubble here, but note that this is from a guy that says he hasn't changed things in years. The 'normal' selinux reaction to problems is not nonsense, just real life when you have a bunch of people trying to do new things and a tool that is designed to restrict them.
Then let me sum this up thusly. If anyone is in the habit of managing systems with selinux set to disabled because "it's too hard" or "it takes too much time" or any number of other ridiculous excuses instead of learning to properly manage the systems with the tools and documentation provided then they need to reconsider their chosen career path as they are quite obviously not cut out for systems administration / engineering.
I manage many, many hundreds of systems. Not a single one has selinux disabled. I have _no_ problems in doing so. Does it take a little time to do it when first installing a package without a pre-packaged policy? Yes; and this is one reason you don't do this type of thing in a production environment. Is it less time than it takes to recover from a compromise? Yes; _many_ times less.
<snip> The general CentOS mailing list: everyone's soapbox.
We've got selinux on permissive on almost every system. Perhaps your boxes are almost all production: most of ours are either dev or research. Even the production boxes - most have websites or apps written by developers with *zero* knowledge of selinux.
And then there are the third-party apps like that... or from the Windows world. For example, I've posted here in the past, and on the fedora selinux list, fighting CA's SiteMinder (we won't talk about the piece of crap that is, for which our tax dollars pay a *lot*), but it's *all* guesswork and make-do to even keep that working, and making selinux active would kill that most of the time, and we're *required* to use it.
Must be nice, working in an environment that can enforce selinux. This ain't it.
mark
Scot P. Floess RHCT (Certificate Number 605010084735240) Chief Architect FlossWare http://sourceforge.net/projects/flossware http://flossware.sourceforge.net https://github.com/organizations/FlossWare
On 12/06/2012 09:15 AM, John R. Dennison wrote:
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
Not by any reputable repo, no. Use dovecot which is supplied by CentOS.
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise.
Sigh, I just made the mistake of browsing through that article and I fear I have given myself brain cancer as a result. Using Fedora's F14 postfix which is no longer supported in any way by Fedora; patching it making it even more difficult to maintain on your own; the inevitable "You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!)." recommendation, etc.
Bleah.
Really, just forget that site exists.
I did this back using the F12 version of this howto, and then it was NOT on howtoforge. I still have it running on F12 and REALLY want to move off that.
Almost everything in this tutorial is now available without doing things like disabling SELinux (btw, I move the SSH port and use semanage to accommodate that).
It is good when someone does something good and then it comes easy.
When I get this working, I will put together instructions to be published somewhere. The only part which I probably CAN'T do myself is the mysql frontend; I will be using phpMyAdmin for starters.
On 12/06/2012 09:15 AM, John R. Dennison wrote:
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
Not by any reputable repo, no. Use dovecot which is supplied by CentOS.
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise.
I have found a newer version of the howto:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
I am going to email the author to get help on not implementing quotas (they caused me grief in the past). I am also going to ask him about dovecot/courier. And finally about disabling SELinux; what are the problems. I will probably be asking for help here! :) My limited experience with semanage is that it is slooooow for a change. At least the one I make for SSH port.
Robert Moskowitz wrote:
On 12/06/2012 09:15 AM, John R. Dennison wrote:
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:
<snip>
I have found a newer version of the howto:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
I am going to email the author to get help on not implementing quotas (they caused me grief in the past). I am also going to ask him about dovecot/courier. And finally about disabling SELinux; what are the problems. I will probably be asking for help here! :) My limited experience with semanage is that it is slooooow for a change. At least the one I make for SSH port.
Yup, semanage *is* slow. On the other hand, you only do it a few times, one hopes. (Or until some developer does or wants something that's not packaged....)
mark
On 12/6/2012 8:42 AM, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
I don't know of any rpms in the major repos. However, the courier and courier-auth tarballs have spec files that make it VERY easy to build the rpms yourself. You don't even have to unpack the tarballs.
Ask on the courier mailing list. Very friendly and the developer is active on the list.
On 12/07/2012 04:56 PM, Bowie Bailey wrote:
On 12/6/2012 8:42 AM, Robert Moskowitz wrote:
Are there existing rpms for courier mta?
I am working from:
http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mys...
And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
I don't know of any rpms in the major repos. However, the courier and courier-auth tarballs have spec files that make it VERY easy to build the rpms yourself. You don't even have to unpack the tarballs.
Ask on the courier mailing list. Very friendly and the developer is active on the list.
I have excellent instructions on using CourierMail. All packaged up very nicely.
But I felt it would be 'good' to switch to the CentOS 'supported' server, Dovecot.
So I subscribed to the Dovecot mailing list and described what I wanted to do and asked for pointers to a tutorial to set it up that way. Well that was back on Friday morning. No reply yet...