Are there existing rpms for courier mta? I am working from: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 And am making progress with postfix and mysql, but looking ahead to other steps. I see squirrelmail is in EPEL.
centos-bounces at centos.org schrieb am 06.12.2012 14:42:05:> Robert Moskowitz <rgm at htt-consult.com> > Gesendet von: centos-bounces at centos.org > > 06.12.2012 14:42 > > Bitte antworten an > CentOS mailing list <centos at centos.org> > > An > > CentOS mailing list <centos at centos.org>, > > Kopie > > Thema > > [CentOS] courier mail for Centos > > Are there existing rpms for courier mta? > > I am working from: > > http://www.howtoforge.com/virtual-users-and-domains-with-postfix- > courier-mysql-and-squirrelmail-fedora-14-x86_64 > > And am making progress with postfix and mysql, but looking ahead to > other steps. I see squirrelmail is in EPEL. > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centosHello Robert, why don't you use dovecot? I've the same enviroment with postfix, mysql, dovecot, squirrelmail, running for a very long time. Mit freundlichen Gr??en Andreas Reschke ________________________________________________________________ Unix/Linux-Administration Andreas.Reschke at behrgroup.com
On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote:> Are there existing rpms for courier mta?Not by any reputable repo, no. Use dovecot which is supplied by CentOS.> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64People _really_ must stop following garbage like howtoforge. This site inevitably advises to disable selinux and more often than not to do the same with your firewall. Both actions are foolhardy, at best, and downright reckless otherwise. Sigh, I just made the mistake of browsing through that article and I fear I have given myself brain cancer as a result. Using Fedora's F14 postfix which is no longer supported in any way by Fedora; patching it making it even more difficult to maintain on your own; the inevitable "You should make sure that the firewall is off (at least for now) and that SELinux is disabled (this is important!)." recommendation, etc. Bleah. Really, just forget that site exists. John -- Of all the preposterous assumptions of humanity over humanity, nothing exceeds most of the criticisms made on the habits of the poor by the well-housed, well-warmed, and well-fed. -- Herman Melville (1819-1891), novelist and poet -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20121206/ed8d478e/attachment-0005.sig>
John R. Dennison wrote:> On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: >> Are there existing rpms for courier mta? > > Not by any reputable repo, no. Use dovecot which is supplied by CentOS. > >> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 > > People _really_ must stop following garbage like howtoforge. This site > inevitably advises to disable selinux and more often than not to do the > same with your firewall. Both actions are foolhardy, at best, and > downright reckless otherwise.<snip> Disabling selinux, or at least setting it to permissive, I agree with. Turning down your firewall?! Anyone suggesting that is, IMO, either a) clueless, or b) a malware user/vendor trying to make life easier. Can anyone think of any other possibilities? mark
On Thu, Dec 6, 2012 at 9:13 AM, <m.roth at 5-cent.us> wrote:> > Disabling selinux, or at least setting it to permissive, I agree with. > Turning down your firewall?! Anyone suggesting that is, IMO, either a) > clueless, or b) a malware user/vendor trying to make life easier. Can > anyone think of any other possibilities?Someone with good site and subnet-level hardware firewalling. And a good feeling that all the bad guys are on the other side of the firewalls. -- Les Mikesell lesmikesell at gmail.com
On 12/06/2012 09:15 AM, John R. Dennison wrote:> On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: >> Are there existing rpms for courier mta? > Not by any reputable repo, no. Use dovecot which is supplied by CentOS. > >> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 > People _really_ must stop following garbage like howtoforge. This site > inevitably advises to disable selinux and more often than not to do the > same with your firewall. Both actions are foolhardy, at best, and > downright reckless otherwise. > > Sigh, I just made the mistake of browsing through that article and I > fear I have given myself brain cancer as a result. Using Fedora's F14 > postfix which is no longer supported in any way by Fedora; patching it > making it even more difficult to maintain on your own; the inevitable > "You should make sure that the firewall is off (at least for now) and > that SELinux is disabled (this is important!)." recommendation, etc. > > Bleah. > > Really, just forget that site exists.I did this back using the F12 version of this howto, and then it was NOT on howtoforge. I still have it running on F12 and REALLY want to move off that. Almost everything in this tutorial is now available without doing things like disabling SELinux (btw, I move the SSH port and use semanage to accomidate that). It is good when someone does something good and then it comes easy. When I get this working, I will put together instructions to be published somewhere. The only part which I probably CAN'T do myself is the mysql frontend; I will be using phpMyAdmin for starters.
On 12/06/2012 10:41 AM, Les Mikesell wrote:> On Thu, Dec 6, 2012 at 9:13 AM, <m.roth at 5-cent.us> wrote: >> Disabling selinux, or at least setting it to permissive, I agree with. >> Turning down your firewall?! Anyone suggesting that is, IMO, either a) >> clueless, or b) a malware user/vendor trying to make life easier. Can >> anyone think of any other possibilities? > Someone with good site and subnet-level hardware firewalling. And a > good feeling that all the bad guys are on the other side of the > firewalls.Which I have. A Juniper branch firewall that I was given for testing purposes. And I am subnetted up the gazoo; I have a 64 address CIDR allocation that I have subnetted to /29s and /28s. I also use RFC1918 extensively. Afterall, I am one of its authors :)
On 12/06/2012 11:13 AM, Reindl Harald wrote:> > Am 06.12.2012 17:10, schrieb Robert Moskowitz: >> On 12/06/2012 10:41 AM, Les Mikesell wrote: >>> On Thu, Dec 6, 2012 at 9:13 AM, <m.roth at 5-cent.us> wrote: >>>> Disabling selinux, or at least setting it to permissive, I agree with. >>>> Turning down your firewall?! Anyone suggesting that is, IMO, either a) >>>> clueless, or b) a malware user/vendor trying to make life easier. Can >>>> anyone think of any other possibilities? >>> Someone with good site and subnet-level hardware firewalling. And a >>> good feeling that all the bad guys are on the other side of the >>> firewalls. >> Which I have. A Juniper branch firewall that I was given for testing >> purposes. And I am subnetted up the gazoo; I have a 64 address CIDR >> allocation that I have subnetted to /29s and /28s. I also use RFC1918 >> extensively. Afterall, I am one of its authors :) > but you did not understand "feeling that all the bad guys are on the other > side of the firewalls" - these days believe their will never be attacks > from infected machines and such crap from INSINDE the network is naive >Actually I do, as I work in this area. Granted my job is secure communications, not secure OS/apps, but I work with the team that does deal with this. It goes back to my good friend Steve Bellovin where in his firewall book he called the firewall the crunchy outside and the corp net the chewy inside. He later was a strong advocate for per system firewalling; what we have today. When we keep it on, that is. Also why I want to get my DNS server off of the old Centos to current and my Samba and Mail servers also to current. Past due.
On 12/06/2012 09:15 AM, John R. Dennison wrote:> On Thu, Dec 06, 2012 at 08:42:05AM -0500, Robert Moskowitz wrote: >> Are there existing rpms for courier mta? > Not by any reputable repo, no. Use dovecot which is supplied by CentOS. > >> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 > People _really_ must stop following garbage like howtoforge. This site > inevitably advises to disable selinux and more often than not to do the > same with your firewall. Both actions are foolhardy, at best, and > downright reckless otherwise.I have found a newer version of the howto: http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-centos-6.2-x86_64 I am going to email the author to get help on not implementing quotas (they caused me grief in the past). I am also going to ask him about dovecot/courier. And finally about disabling SELinux; what are the problems. I will probably be asking for help here! :) My limited experience with semanage is that it is slooooow for a change. At least the one I make for SSH port.
On 12/6/2012 8:42 AM, Robert Moskowitz wrote:> Are there existing rpms for courier mta? > > I am working from: > > http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-fedora-14-x86_64 > > And am making progress with postfix and mysql, but looking ahead to > other steps. I see squirrelmail is in EPEL.I don't know of any rpms in the major repos. However, the courier and courier-auth tarballs have spec files that make it VERY easy to build the rpms yourself. You don't even have to unpack the tarballs. Ask on the courier mailing list. Very friendly and the developer is active on the list. -- Bowie