[gentoo-server] DNS, Firewall and Mail Server.

[gentoo-server] DNS, Firewall and Mail Server.

[Rodrigo Schulte]

Hi!
Please, 
I looking for the most used, more documentation, the best, etc... DNS,
Firewall and Mail Server.

Thanks!

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Peter Eis]

Rodrigo Schulte wrote:

>Hi!
>Please, 
>I looking for the most used, more documentation, the best, etc... DNS,
>Firewall and Mail Server.
>
>  
>
As firewall I recommend shorewall http://www.shorewall.net/
The documentation is excellent and the firewall is fairly easy to configure.

For the mail server check out
http://www.gentoo.org/doc/en/virt-mail-howto.xml

Cheers,
Peter

-- 
_______________________________
Dr. Hagen&Partner GmbH
Am Weichselgarten 7
91058 Erlangen
Tel: (0049)9131/691-330
Fax: (0049)9131/691-248
_______________________________


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Ryan Lynch]

On Mon, 30 May 2005 10:37:16 +0200
Peter Eis <eis@hagen-partner.de> wrote:

> Rodrigo Schulte wrote:
> 
> >Hi!
> >Please, 
> >I looking for the most used, more documentation, the best, etc... DNS,
> >Firewall and Mail Server.
> >
> >  
> >
> As firewall I recommend shorewall http://www.shorewall.net/
> The documentation is excellent and the firewall is fairly easy to configure.
> 
> For the mail server check out
> http://www.gentoo.org/doc/en/virt-mail-howto.xml
> 
> Cheers,
> Peter
> 

I agree about Shorewall, it's a great iptables configuration utility, and makes complex firewall set ups a breeze.  Plus the online documentation is excellent.  As for setting up a mail server, you might also want to check out the offerings on the gentoo wiki. 

http://gentoo-wiki.com/HOWTO_Email_Virtual_Hosting_with_Courier_and_MySQL
http://gentoo-wiki.com/HOWTO_Linux_Virtual_Hosting_Server

The second one covers more than just mail hosting, including setting up a SquirrelMail web interface with SSL throughout.  Keep in mind that if it's just you using the mailserver, you can self sign the SSL certificate and save some money. 

-Ryan Lynch
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Benjamin Smee]

[-- Attachment #1: Type: text/plain, Size: 1576 bytes --]

lo,

On Monday 30 May 2005 16:00, Ryan Lynch wrote:
> On Mon, 30 May 2005 10:37:16 +0200
>
> Peter Eis <eis@hagen-partner.de> wrote:
> > Rodrigo Schulte wrote:
> > >Hi!
> > >Please,
> > >I looking for the most used, more documentation, the best, etc... DNS,
> > >Firewall and Mail Server.

Everyone is going to have their own preferences for these utilities and their 
own reasons for doing so. In my opinion if you are looking to do serious 
deployments of the above (read performance / scalibility / uptime are 
important) then the following would be my pick:

* dns - bind. Bind continues to be the main dns implementation and while some 
people like other lighter altnatives I find that they tend not to have 
dnssec / tsig implementations that are important to me.

* firewall - like the other people here I recommend shorewall due to its 
complete solutions. Another option to consider is fwbuilder which basically 
provides a nice gui to generating your own iptable configs.

* mail - this question is perhaps the most loaded of them all. In my opinion 
its hard to beat postfix + cyrus + ldap for serious deployments. Ldap is 
optimised for lookups and beats db's in this regard, its also lighter and 
easier to replicate. Cyrus itself continues to be the most important imap 
implementation and drives most of the new features. It is also very scalable 
and performant. postfix is light years ahead of qmail :) /me waits patiently 
for the flames.

b
-- 
Benjamin Smee (strerror)
497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Thilo Bangert]

> * dns - bind. Bind continues to be the main dns implementation and
> while some people like other lighter altnatives I find that they tend
> not to have dnssec / tsig implementations that are important to me.

i am just curious: how are you using DNSSEC? Or what for?


kind regards
thilo
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Benjamin Smee]

[-- Attachment #1: Type: text/plain, Size: 311 bytes --]

lo,

On Monday 30 May 2005 18:09, Thilo Bangert wrote:
> i am just curious: how are you using DNSSEC? Or what for?

Just for some extra security over certain parts of our dns infrastructure at 
work, nothing amazing.

b
-- 
Benjamin Smee (strerror)
497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Thilo Bangert]

hi,

> > i am just curious: how are you using DNSSEC? Or what for?
>
> Just for some extra security over certain parts of our dns
> infrastructure at work, nothing amazing.

okay, but how does DNSSEC help you establish that? and what is it that 
you are securing...

i don't know much about DNSSEC, but
from my understanding can DNSSEC establish cryptographic authority about 
a DNS record, iff you can trust the master of the zone. since non of 
the root servers supports DNSSEC, your zone can still be subject to 
forgery...

or are you running your own root zone? i guess using split-horizon 
resolvers could be another setup in which this would work... ?

regards
thilo
-- 
gentoo-server@gentoo.org mailing list

[gentoo-server] replay emerge.log?

[Phillip Berry]

[-- Attachment #1: Type: text/plain, Size: 484 bytes --]

Hi all,

I'm trying to setup a test server after an old one died.   Obviously i want it 
to replicate the prod servers in everyway including having the same versions 
of applications and the like.   So i was thinking that maybe the easiest way 
would be to somehow use the emerge.log from a production server and some 
scripting to create a sort of replay log? Has anyone done anything like this?  
Anyone have any thoughts on why it might not be a good idea?

Cheers
Phil

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] replay emerge.log?

[Ow Mun Heng]

On Tue, 2005-05-31 at 15:42 +1000, Phillip Berry wrote:
> Hi all,
> 
> I'm trying to setup a test server after an old one died.   Obviously i want it 
> to replicate the prod servers in everyway including having the same versions 
> of applications and the like.   So i was thinking that maybe the easiest way 
> would be to somehow use the emerge.log from a production server and some 
> scripting to create a sort of replay log? Has anyone done anything like this?  
> Anyone have any thoughts on why it might not be a good idea?


If you're talking about getting it to emerge all the packages which is
present in the original box. Then it's not a good idea.

better would be to use something like 

find /var/db/pkg/ -type d -mindepth 2 | sed 's:\/var\/db\/pkg\/::' to
list all the packages. Note that this will be even better than the world
file because it contains all the dependencies pulled in etc (which is
not included in normal world file)


-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 14:04:39 up 16:06, 8 users, load average: 0.96, 1.34, 1.24 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] DNS, Firewall and Mail Server.

[Benjamin Smee]

[-- Attachment #1: Type: text/plain, Size: 1040 bytes --]

lo,

On Monday 30 May 2005 19:33, Thilo Bangert wrote:
> okay, but how does DNSSEC help you establish that? and what is it that
> you are securing...

By cryptographically signing zones you can be assured of the integrity of the 
domains. You are basically securing yourself against dns spoofing. Google 
around for more information on the benefits of dnssec.

>
> i don't know much about DNSSEC, but
> from my understanding can DNSSEC establish cryptographic authority about
> a DNS record, iff you can trust the master of the zone. since non of
> the root servers supports DNSSEC, your zone can still be subject to
> forgery...
>
> or are you running your own root zone? i guess using split-horizon
> resolvers could be another setup in which this would work... ?

Running our own root zone.

On a side note courses such as 
(http://secure.interop.com/catalog/sessionDetail.do?SESSION_ID=1087) more 
information about DNSSEC.

b
-- 
Benjamin Smee (strerror)
497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C

[-- Attachment #2: Type: application/pgp-signature, Size: 190 bytes --]