Re: Setting up automounts, milters, IPv6, etc.

From: Alexander Dalloz (ad+lists_at_uni-x.org)
Date: 09/27/05

    To: For users of Fedora Core releases <fedora-list@redhat.com>
    Date: Tue, 27 Sep 2005 21:22:24 +0200
    
    
    
    

    On Tue, 27.09.2005 at 20:40, Philip Prindeville wrote:

    > I was hoping to get some pointers on how to do the following sysadmin
    > chores:
    >
    > * I'm running sendmail+cyrus, and I'd like to configure a milter with
    > some simple rules (for instance, don't accept email from sites that
    > don't have IN-ADDR.ARPA records)

    You had better not implement that, because you would reject far too
    many false positives.

    http://www.cs.niu.edu/~rickert/cf/ -> HACK(`require_rdns')
       "I don't recommend this. The amount of collateral damage is
    excessive." (Neil W. Rickert) [You know who Neil is? Co-author of the
    bat book.]

    What you can consider is to let a missing reverse DNS entry or even
    bogus DNS entries (MX pointing to 127.0.0.1) influence the spam rating,
    not blind rejection. I recommend having a close look at MimeDefang
    (www.mimedefang.org). It is highly adjustable with just a little Perl
    knowledge.
    An example: http://www.mimedefang.org/kwiki/index.cgi?CheckForMX

    > * I'd also like to set up autofs, but it seems to be failing... I tried
    > to set up an example /home mountpoint like the auto.master man page
    > suggests, but they don't give an example of what /etc/auto.home would
    > look like (and just copying auto.net into it doesn't work). Suggestions?

    http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-nfs-client-config.html

    > * I tried to edit /etc/sysconfig/network to have "NETWORK_IPV6=no" but
    > it still wants to bring up IPV6 networking anyway:
    >
    > eth0 Link encap:Ethernet HWaddr 00:11:09:04:D5:2A
    > inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
    > inet6 addr: fe80::211:9ff:fe04:d52a/64 Scope:Link

    > is this a bug? What am I missing?

    Add to /etc/modprobe.conf

    alias net-pf-10 off
    alias ipv6 off

    > * Lastly, when I start up my mail UA, it complains about the certificate
    > coming from the host being signed localhost.localdomain... Is there a
    > walk-through on how to set up the various certificates required for
    > using SSL/TLS for sending email from a client? How do I set up
    > certificates for individual users, for instance?

    /usr/share/doc/openssl*/FAQ
    There is a lot of info to be found by a Google search, for example for
    "openssl create self-signed certificates". Fedora ships the CA script
    and CA.pl (openssl-perl).

    > /var/log/messages.1:Sep 19 19:30:30 mail sendmail[23081]: unable to open
    > Berkeley db /etc/sasldb2: No such file or directory

    You offer MD5 mech which is not configured.

    > Sep 27 12:29:30 mail sendmail[5896]: NOQUEUE: connect from [192.168.1.5]
    > Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=DIGEST-MD5
    > ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
    > LOGIN PLAIN
    > Sep 27 12:29:30 mail sendmail[5896]: j8RITUIv005896: Milter: no active
    > filter
    > Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server,
    > relay=[192.168.1.5], version=TLSv1/SSLv3, verify=NO,
    > cipher=DHE-RSA-AES256-SHA, bits=256/256
    > Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server, cert-subject=,
    > cert-issuer=, verifymsg=ok
    > Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=LOGIN
    > DIGEST-MD5 PLAIN ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI
    > DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
    > Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896: AUTH failure
    > (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in
    > database

    Your client uses CRAM-MD5 as your Sendmail setup offers that mech, but
    you have not configured your server to provide that. So it must fail.

    > Sep 27 12:29:31 mail sendmail[5896]: AUTH=server, relay=[192.168.1.5],
    > authid=philipp, mech=PLAIN, bits=0
    > Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896:
    > from=<philipp@redfish-solutions.com>, size=72799, class=0, nrcpts=1,
    > msgid=<43398F8A.50903@redfish-solutions.com>, proto=ESMTP,
    > daemon=MTA-v4, relay=[192.168.1.5]

    Fallback to mech PLAIN, which I guess succeeds.

    > similarly, I can't send email using SSL when connecting to my
    > sendmail server... (but TLS seems to work).

    SSL is something different from (START)TLS in this context. Is the
    above a question or a statement?

    > * Ditto for Cyrus. I can't use secure authentication:
    >
    > Sep 27 12:38:42 mail imaps[5986]: starttls: TLSv1 with cipher AES256-SHA
    > (256/256 bits reused) no authentication

    Too little information. We can't know what you changed from the default
    setup. Use "imtest" for testing and adjusting your setup.

    > I'm using Thunderbird, if that makes any difference.

    Yes, Thunderbird can use MD5, while other popular MUAs can only speak
    PLAIN or LOGIN (Outlook, OE).

    > -Philip

    Alexander

    -- 
    Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
    legal statement: http://www.uni-x.org/legal.html
    Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
    Serendipity 21:00:34 up 7 days, 4:46, load average: 0.65, 0.29, 0.21 
    
    

    
    
