Re: Newb questions

From: Jason Bourne (j_bourne_treadstone_at_hotmail.com)
Date: 09/08/04


Date: Wed, 08 Sep 2004 16:16:16 -0400

Sky-Knight wrote:

> I would say that I'm new to freebsd other than I've installed it a hundred
> times, configured cvsup, used port upgrade and all the rest. I think I
> know enough about the base OS to get myself in trouble. ;) Anyway I'm
> trying to get a server online with web, dns, sql, and mail capabilities.
> The web and sql are easy enough since apache, php4, and mysql work so well
> together and is relatively easy to configure. Not to mention so documented
> that it's easy to get lost in the documentation and still not figure it
> out. Anyway, I'm looking for suggestions on DNS and mail servers. I know
> BIND and sendmail are there but I keep hearing about potential security
> problems. It was suggested to me that I use djbdns and qmail. I've looked
> at all the documentation and then I start looking into jails and chroots
> for the services and everything falls apart. Anyone have any resources I
> could use to straighten out my brain? I could pull all this up with
> windows 03 in about 2 hours but I REALLY want out of the MS upgrade crap.
> Ah well now that you have my life story someone help me out with some good
> daemons to fit the bill so I stop reading everything's documentation and
> get something working. :)

Greetings:

 Just my $.02 here, but since the base OS has BIND in it you can
subscribe to the Security list to be apprised of any new problems found. If
something pops up you can cvsup using the security cvsup tag. For example,
if you were using 4.10 you would track RELENG_4_10. Now, yes, you don't
necessarily have to rebuild an entire system in order to fix just BIND, but
this is a somewhat more advanced area that you can move into after gaining
more knowledge. In the meantime the simple approach is usable until you learn
how to patch and build parts of the system.

 Another approach is that you can install a newer version from the
ports tree, but here you also need to know how to maintain it. The main
thing to note here is that if you update your system you need to put some
entries in /etc/make.conf so the port version doesn't get clobbered. Since
DNS is central to all things networked IP-wise, it is a good subject to
study.

 My personal MTA preference is Postfix. Some of the initial setup for
getting Sendmail usable can be a shortcut to getting over the initial setup
of Postfix because it is a "drop in" replacement for Sendmail. Read the
Sendmail setup page in the FreeBSD handbook for more information. My
perception is that it is potentially more secure than Sendmail and offers
better performance. Mainly though I like it because it is easy, stable, and
does the job without a lot of grief. With apologies to any QMail lovers out
there, I am not a fan of QMail.

 Once you get the basics up and running you can move into the area of
using the FreeBSD based MTA to filter mail for $MS environments. There are
plugins for handling SPAM and Virus scanning which can be used to clean the
mail prior to it being delivered to a Windows box. The thing I really like
about this is there is no runtime environment on such a machine for an
inbound Windows virus to nibble on.

-Jason


