Syndicate

Syndicate content

Flattr


Flattr this
If you like this, you can use flattr. ;)

Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de

Home

Debian

Postfix troubleshooting - a security nightmare

Sat, 05/29/2010 - 21:31 |  wishi

Why to hate typical Unix mailserver setups

I hate that stuff - and it's not that Postfix in particular sucks. But integrating with Postfix is absurd. Surely it works, and as long as it works nobody changes that stuff on how it's designed.


Ohne Titel.png

Even deploying an SSL/TLS setup is challenging. But no, you also need to install proper authentication. Locally, Postfix (for unknown reasons) is chrooted. People think that this is a security feature.

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: Configuration, Debian, Internet Protocols , Linux, Malware, Setup, wishi's weekly squib

A practically secure mail setup - counter spammers with Linux mail-servers

Wed, 02/24/2010 - 23:03 |  wishi

Who needs this?

Bild 1.JPG
Yay, free mails in a sustaining setup!

This is a tutorial on how to practically setup a relatively secure mail-server.

It's supposed to be as minimal as reasonable nowadays, and for a small amount of users (standard root server, max. ~20 mail-users at once). Without a real DB backend. It doesn't scale business-needs, however it's supposed to be extendable.

The reference system this setup works with is a Debian GNU Linux with:

  • Maildrop - instead of Procmail for more flexible filter rulesets
  • Postfix and Postfix-pcre ~ 2.7
Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: Configuration, Debian, Internet Protocols , Linux, pwnage, Security Tools, Unix

Get grsecurity for Debian now

Tue, 05/26/2009 - 23:19 |  wishi

Setting up the server

If you do this, you want three things:

  • a clean and secure setup, that ensures your availability - even if you're working on a remote-server
  • easy steps
  • drinking a coke or a coffee during this setup. No beer. Because kernel-upgrades and beer don't work together

Okay, what's grsecurity and why do I need it

Easily said: it's doing everything to prevent successful exploitation, like we recently saw happening on Linux through SCTP, ptrace or UDEV.

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: Configuration, Debian, Exploits, haq tutorial, Linux, pentesting, Security Tools, Setup

So fast - so weekly: why so fundamental? MPLS, certs, and fundamental Linux insecurity patches

Fri, 04/10/2009 - 10:17 |  wishi


Bild 1.png

this is a random security picture. :)

German Security Skills - Confickr, MPLS...

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: computer crimes, conference materials, Debian, Exploits, FreeBSD, haq tutorial, Internet Protocols , IT security science, Malware, pwnage, surveillance, Windows security, wishi's weekly squib
Inhaltlich Verantwortlicher gemäß § 10 Absatz 3 MDStV, § 5 TMG, § 55 RfStV: Marius Ciepluch - Schauenburger Weg 5a - 23556 Lübeck
Aus Datenschutzgründen habe ich weder offiziellen noch behördlichen Schriftverkehr via eMail.

Save the nature. Don't print this!


I provide textual exports for every blog entry. However let's save the nature together. The nature is everything around us. Every being should be respected. Save the nature - don't print too much.


Die Umgehung dieser Ausdrucksperre ist nach § 95a UrhG verboten!
Inhaltlich Verantwortlicher gemäß § 10 Absatz 3 MDStV: Marius Ciepluch - Anschrift via eMail. Die eMail Adresse entnehmen sie dem Impresseum dieser englischsprachigen Seite.
Aus Datenschutzgründen habe ich weder offiziellen noch behördlichen Schriftverkehr via eMail. Dazu ist die postalische, beim Dienstleister hinterlegte, Anschrift zu verwenden.

Datenerfassung

Es werden keine personenbezogenen Daten erfasst. Logdaten werden anonymisiert.