[CentOS] Replacing my Scalix mail server
lesmikesell at gmail.com
Tue Mar 31 22:30:00 UTC 2009
Robert Moskowitz wrote:
>>> Also I would NEVER consider running SMB services on a gateway/firewall
>>> and I need IPv6 support anyway on the gateway/firewall. So far I have
>>> used Astaro with roll-your-own (Astaro predates the IPv6 /48
>>> allocation), and I am getting a 'nice' box from a vendor I work with...
>> Agreed that separation is theoretically safer, but the scripted
>> configuration on SME takes care of most of the things you would be
>> likely to forget if you did it by hand (setting up iptables firewalling,
>> hosts.allow, binding services only to the appropriate interface, adding
>> ip range restrictions within the app configs, etc.).
> My concern is not 'out of the box', and even there I have problems with
> their 1st update procedure. I have problems with the time lag between
> security bugs and updates applied.
Nearly all config changes on SME are done through its web interface and
all of the appropriate iptables/hosts.allow/apps configs are re-written
as needed each time by the underlying scripts. The updates for the
applications themselves should track CentOS very closely since much of
it is unchanged (except the mail system). You can just log in as root
and do a 'yum update' if you have any trouble with the admin page hiding
that from you. You just have to run a couple of commands that it will
> Gateway/firewalls have to be very conservative on services offered.
> There are ways to virtualize this, but SME has not done that.
>> The down side of two machines is that stock SME doesn't use LDAP network
>> authentication and it does some handy tricks with groups that span both
>> email and file permission/sharing concepts.
> In my case, all the more reason to separate them, as many of the people
> with emails, even in my domain do not get shares access. They are my
> remote family members.
Having many different groups with different settings isn't a problem.
You don't have to give shares to any particular group. But it saves
time to be able to add members to a group and end up with both a mail
alias that includes them and a group that can be given access to a file
share or ftp location.
> And most emailing is done via Thunderbird.
That's not particularly relevant - if you access from more than one
location you might want to set up imaps access so all the messages are
stored on the server and available through the Horde web interface if
you aren't at your usual client(s).
lesmikesell at gmail.com