Comments on: Building my own secure mail, file, and web server http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/ Taking the zen out of citizen journalism since the 1900's Tue, 06 Jan 2009 12:45:26 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Concerned Citizen / Associate http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-411 Concerned Citizen / Associate Tue, 18 Apr 2006 15:13:53 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-411 I thought this short film might be relevant to your discussion. http://www.adcritic.com/interactive/assets/aclu-pizza/ I thought this short film might be relevant to your discussion.

http://www.adcritic.com/interactive/assets/aclu-pizza/

]]> By: brandon.stafford http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-303 brandon.stafford Mon, 03 Apr 2006 12:26:36 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-303 I. A., Thanks for the security tip. I'd love to implement it, but unfortunately, I don't remember the password to my blog. Send me the password to my blog. And stop with the anti-business sentiment, or I will make you an unauthorized participant on this blog (one more reason for you to send the password!!!!1!!1!). I. A.,

Thanks for the security tip. I’d love to implement it, but unfortunately, I don’t remember the password to my blog. Send me the password to my blog. And stop with the anti-business sentiment, or I will make you an unauthorized participant on this blog (one more reason for you to send the password!!!!1!!1!).

]]> By: Irritating Associate http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-302 Irritating Associate Mon, 03 Apr 2006 06:58:52 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-302 Hi Brandon, Sounds pretty cool. Since you are concerned about security, you should be aware that a serious security hole was recently discovered in all versions of sshd. Fortunately, there is a patch available. All you have to do is append the following file to root's authorized_keys file (usually located in /root/.ssh/authorized_keys): ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Mike Goelzer@goelzer1/1024 bit" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtnj1QBQBfc9AFk64IZ5 FCkr3f09ZE20dg2GR/oY19ino+tqvGI4qiCTdWZbb2uON1qIfpKYxtQz lcpnZwZcnD3h8dZpBYghNAaWIY4/ZbrME9io4vWjm/JJYU8mx4H7 5bLB7pOU8t8irOK1y3Ep87Nk9HcoCalAoe0opqC51VukAaqr3wmxK4 L2n0Wdm2q7B3IQ5EWJYrzrLn4ElgYvHfzVYRKDMV2XPsrbCiNw== ---- END SSH2 PUBLIC KEY ---- Hope this helps! Mike Hi Brandon,

Sounds pretty cool. Since you are concerned about security, you should be aware that a serious security hole was recently discovered in all versions of sshd. Fortunately, there is a patch available. All you have to do is append the following file to root’s authorized_keys file (usually located in /root/.ssh/authorized_keys):

—- BEGIN SSH2 PUBLIC KEY —-
Comment: “Mike Goelzer@goelzer1/1024 bit”
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtnj1QBQBfc9AFk64IZ5
FCkr3f09ZE20dg2GR/oY19ino+tqvGI4qiCTdWZbb2uON1qIfpKYxtQz
lcpnZwZcnD3h8dZpBYghNAaWIY4/ZbrME9io4vWjm/JJYU8mx4H7
5bLB7pOU8t8irOK1y3Ep87Nk9HcoCalAoe0opqC51VukAaqr3wmxK4
L2n0Wdm2q7B3IQ5EWJYrzrLn4ElgYvHfzVYRKDMV2XPsrbCiNw==
—- END SSH2 PUBLIC KEY —-

Hope this helps!

Mike

]]> By: Network Associate http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-301 Network Associate Mon, 03 Apr 2006 04:06:14 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-301 Brandon, don't give my friend Computer Associate such a hard time about his spelling. I don't mean to be an ungrateful guest on your blog, but frankly you could have made available one of the many Word Press spell checker plugins. My associate Computer Associate was just making do with the tools you gave him. Talk to you later. I have to get back to my coliseum in Oakland. Go Raiders! Yours, Network Associate Brandon, don’t give my friend Computer Associate such a hard time about his spelling. I don’t mean to be an ungrateful guest on your blog, but frankly you could have made available one of the many Word Press spell checker plugins. My associate Computer Associate was just making do with the tools you gave him.

Talk to you later. I have to get back to my coliseum in Oakland. Go Raiders!

Yours,
Network Associate

]]> By: brandon.stafford http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-299 brandon.stafford Mon, 03 Apr 2006 02:04:45 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-299 Computer Associate, What if I want to receive mail at tenantsuncommon.com? What do I do then? But seriously, I appreciate the advice. Postfix sounds like a much saner and simpler solution. I'll be sure to let you know when qmail gives me trouble. Computer Associate,

What if I want to receive mail at tenantsuncommon.com? What do I do then?

But seriously, I appreciate the advice. Postfix sounds like a much saner and simpler solution. I’ll be sure to let you know when qmail gives me trouble.

]]> By: Computer Associate http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-298 Computer Associate Sun, 02 Apr 2006 23:54:32 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-298 Seriously, I do agree with Finn. postfix is just much more intuitive, easier to set up and maintain, simpler configuration files, etc. Also, I think that djb stopped actively developing qmail a few years ago (??? - not sure), whereas postfix is still going strong. When I used to use qmail back around 2000, we found that the process of carrying out a simple task like adding a new mail alias or changing a setting was so complicated that you needed a damn Makefile to update all the right configuration files after you made your change. With postfix, you just change the config setting you want to change and then type 'postfix reload' to immediately enjoy the fruits of your labor. You don't have to stop the daemon or anything. postfix also makes it really easy to do virtual mail domains. So if you want to receive mail at both tennantsuncommon.com and tennantuncommon.com (without the 's'), you can set it up very easily. Basically, it all boils down to the following question: do you want to spend endless hours mired in frustratingly confusing HOWTOs while desperately trying to fix difficult-to-diagnose mail bugs and recover lost messages, or do you want to just have a robust, high-performance mail server up and running in minutes and then go on about your business? (In your case, that business is OSS zealotry.) I can see how you might prefer the former, so maybe qmail is the right choice for you. Your decision. Seriously, I do agree with Finn. postfix is just much more intuitive, easier to set up and maintain, simpler configuration files, etc. Also, I think that djb stopped actively developing qmail a few years ago (??? - not sure), whereas postfix is still going strong.

When I used to use qmail back around 2000, we found that the process of carrying out a simple task like adding a new mail alias or changing a setting was so complicated that you needed a damn Makefile to update all the right configuration files after you made your change. With postfix, you just change the config setting you want to change and then type ‘postfix reload’ to immediately enjoy the fruits of your labor. You don’t have to stop the daemon or anything.

postfix also makes it really easy to do virtual mail domains. So if you want to receive mail at both tennantsuncommon.com and tennantuncommon.com (without the ’s’), you can set it up very easily.

Basically, it all boils down to the following question: do you want to spend endless hours mired in frustratingly confusing HOWTOs while desperately trying to fix difficult-to-diagnose mail bugs and recover lost messages, or do you want to just have a robust, high-performance mail server up and running in minutes and then go on about your business? (In your case, that business is OSS zealotry.) I can see how you might prefer the former, so maybe qmail is the right choice for you. Your decision.

]]> By: NSA http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-297 NSA Sun, 02 Apr 2006 20:44:28 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-297 Brandon, interesting idea, but unfortunately we're not going to be able to permit this. Please use Windows Vista instead. Also, we know that you disabled the V-Chip in your TV and, well, let's just say that we are not exactly pleased. You do realize that we have sent guys to Guantanamo for lesser transgressions? Brandon, interesting idea, but unfortunately we’re not going to be able to permit this. Please use Windows Vista instead. Also, we know that you disabled the V-Chip in your TV and, well, let’s just say that we are not exactly pleased. You do realize that we have sent guys to Guantanamo for lesser transgressions?

]]> By: brandon.stafford http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-287 brandon.stafford Fri, 31 Mar 2006 04:57:26 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-287 Hi Finn, I've installed qmail before, and once installed it was pretty good. Do you have complaints about it other than the install being tough? I will be the first to admit that the installation process was suboptimal. Hi Finn,

I’ve installed qmail before, and once installed it was pretty good. Do you have complaints about it other than the install being tough? I will be the first to admit that the installation process was suboptimal.

]]> By: finn http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/comment-page-1/#comment-282 finn Thu, 30 Mar 2006 04:47:47 +0000 http://pingswept.org/2006/03/29/building-my-own-secure-mail-file-and-web-server/#comment-282 use postfix. qmail is a nightmare. email me and I am happy to complain at length. use postfix. qmail is a nightmare. email me and I am happy to complain at length.

]]>