On Tue, 27.09.2005 at 20:40, Philip Prindeville wrote:

> I was hoping to get some pointers on how to do the following sysadmin
> chores:
>
> * I'm running sendmail+cyrus, and I'd like to configure a milter with
> some simple
> rules (for instance, don't accept email from sites that don't have
> IN-ADDR.ARPA
> records)

You'd better not implement that because you would reject far too many
false positives.

http://www.cs.niu.edu/~rickert/cf/ -> HACK(`require_rdns')

"I don't recommend this. The amount of collateral damage is excessive."
(Neil W. Rickert)

[You know who Neil is? Co-author of the bat book.]

What you can consider is letting a missing reverse DNS or even bogus DNS
entries (MX pointing to 127.0.0.1) influence the spam rating, rather than
blind rejection. I recommend having a close look at MimeDefang
www.mimedefang.org. It is highly adjustable with just a little Perl
knowledge. An example:

http://www.mimedefang.org/kwiki/index.cgi?CheckForMX

> * I'd also like to set up autofs, but it seems to be failing... I tried
> to set up an example
> /home mountpoint like the auto.master man page suggests, but they
> don't give an
> example of what /etc/auto.home would look like (and just copying
> auto.net into it
> doesn't work). Suggestions?

http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/s1-nfs-client-config.html

> * I tried to edit /etc/sysconfig/network to have "NETWORK_IPV6=no" but
> it still
> wants to bring up IPV6 networking anyway:
>
> eth0 Link encap:Ethernet HWaddr 00:11:09:04:D5:2A
> inet addr:192.168.1.5 Bcast:192.168.1.255 Mask:255.255.255.0
> inet6 addr: fe80::211:9ff:fe04:d52a/64 Scope:Link
> is this a bug? What am I missing?

Add to /etc/modprobe.conf

alias net-pf-10 off
alias ipv6 off

> * Lastly, when I start up my mail UA, it complains about the certificate
> coming from
> the host being signed localhost.localdomain... Is there a
> walk-through on how to set
> up the various certificates required for using SSL/TLS for sending
> email from a
> client? How do I set up certificates for individual users, for instance?

/usr/share/doc/openssl*/FAQ

There is a lot of info to be found by a Google search, for example for
"openssl create self-signed certificates". Fedora ships the CA script
and CA.pl (openssl-perl).

> /var/log/messages.1:Sep 19 19:30:30 mail sendmail[23081]: unable to open
> Berkeley db /etc/sasldb2: No such file or directory

You offer MD5 mech which is not configured.

> Sep 27 12:29:30 mail sendmail[5896]: NOQUEUE: connect from [192.168.1.5]
> Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=DIGEST-MD5
> ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
> LOGIN PLAIN
> Sep 27 12:29:30 mail sendmail[5896]: j8RITUIv005896: Milter: no active
> filter
> Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server,
> relay=[192.168.1.5], version=TLSv1/SSLv3, verify=NO,
> cipher=DHE-RSA-AES256-SHA, bits=256/256
> Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server, cert-subject=,
> cert-issuer=, verifymsg=ok
> Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=LOGIN
> DIGEST-MD5 PLAIN ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI
> DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896: AUTH failure
> (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in
> database

Your client uses CRAM-MD5 as your Sendmail setup offers that mech, but
you have not configured your server to provide that. So it must fail.

> Sep 27 12:29:31 mail sendmail[5896]: AUTH=server, relay=[192.168.1.5],
> authid=philipp, mech=PLAIN, bits=0
> Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896:
> from=<philipp@xxxxxxxxxxxxxxxxxxxxx>, size=72799, class=0, nrcpts=1,
> msgid=<43398F8A.50903@xxxxxxxxxxxxxxxxxxxxx>, proto=ESMTP,
> daemon=MTA-v4, relay=[192.168.1.5]

Fallback to mech PLAIN, which I guess succeeds.

> similarly, I can't send email using SSL when connecting to my
> sendmail server...
> (but TLS seems to work).

SSL is something different than (START)TLS in this context. Is the above
a question or a statement?

> * Ditto for Cyrus. I can't use secure authentication:
>
> Sep 27 12:38:42 mail imaps[5986]: starttls: TLSv1 with cipher AES256-SHA
> (256/256 bits reused) no authentication

Too little information. We can't know what you changed from the default
setup. Use "imtest" for testing and adjusting your setup.

> I'm using Thunderbird, if that makes any difference.

Yes, Thunderbird can use MD5, while other popular MUAs can only speak
PLAIN or LOGIN (Outlook, OE).

> -Philip

Alexander

--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 21:00:34 up 7 days, 4:46, load average: 0.65, 0.29, 0.21
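
The log reading walked through in the reply above (CRAM-MD5 is advertised, fails with "no secret in database", then the client falls back to PLAIN) can be automated. The script below is an added example, not part of the original message; the names summarize and findings are hypothetical, the sample is the quoted sendmail excerpt unwrapped to one event per line, and it assumes one sendmail PID per connection.

```python
import re
from collections import defaultdict
# Constructed sample: sendmail lines quoted in the message, unwrapped to one event per line.
SAMPLE_LOG = """\
Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=DIGEST-MD5 ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Sep 27 12:29:30 mail sendmail[5896]: STARTTLS=server, relay=[192.168.1.5], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Sep 27 12:29:30 mail sendmail[5896]: AUTH: available mech=LOGIN DIGEST-MD5 PLAIN ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Sep 27 12:29:31 mail sendmail[5896]: j8RITUIw005896: AUTH failure (CRAM-MD5): user not found (-20) SASL(-13): user not found: no secret in database
Sep 27 12:29:31 mail sendmail[5896]: AUTH=server, relay=[192.168.1.5], authid=philipp, mech=PLAIN, bits=0
"""

PID = re.compile(r"sendmail\[(\d+)\]: (.*)")
AVAIL = re.compile(r"AUTH: available mech=([^,]+),")
FAIL = re.compile(r"AUTH failure \(([^)]+)\): (.*)")
OK = re.compile(r"AUTH=server,.*authid=([^,]+), mech=([^,]+), bits=(\d+)")
TLS = re.compile(r"STARTTLS=server,.*cipher=([^,]+), bits=(\d+)")

def summarize(log_text):
    """Group AUTH/STARTTLS events by daemon PID (assumed: one PID per connection)."""
    sessions = defaultdict(lambda: {"offered": set(), "failed": [], "tls_bits": 0, "ok": None})
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if (a := AVAIL.search(msg)):
            s["offered"] |= set(a.group(1).split())
        elif (f := FAIL.search(msg)):
            s["failed"].append((f.group(1), f.group(2)))
        elif (t := TLS.search(msg)):
            s["tls_bits"] = int(t.group(2))
        elif (o := OK.search(msg)):
            s["ok"] = {"authid": o.group(1), "mech": o.group(2), "sasl_bits": int(o.group(3))}
    return dict(sessions)

def findings(session):
    """Flag advertised mechanisms that have no secrets, and cleartext AUTH outside TLS."""
    out = []
    for mech, reason in session["failed"]:
        if mech in session["offered"] and "no secret in database" in reason:
            out.append(f"{mech} advertised but has no secrets (sasldb) configured")
    ok = session["ok"]
    if ok and ok["mech"] in ("PLAIN", "LOGIN") and session["tls_bits"] == 0:
        out.append(f"{ok['mech']} accepted without TLS")
    return out

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s["ok"], findings(s))
```

On the quoted excerpt only the CRAM-MD5 finding is reported, because the PLAIN fallback happened inside the STARTTLS session (256 bits).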