main

main@lists.alug.org.uk

1 participants
10367 discussions

HTTP security (or otherwise)
by Chris Green 25 May '05

25 May '05

It's me with still more questions (I'll stop soon I expect). I'm aiming to provide a webmail server on my home Linux machine, probably with SquirrelMail, this is why I've been asking questions about IMAP servers, security, etc. I have SquirrelMail working already, very simple it was too, I was just asking about daemons etc. for information really. After a little thought (and reading) I realise that the IMAP server doesn't have to be visible to the outside world if the only access is to be via SquirrelMail. I know it's possible (and intended even) that IMAP should be used by remote MUAs with IMAP capability but since I won't be doing that and neither will my other users I don't need to worry about the security implications of making IMAP (or POP3 for that matter) visible outside the LAN. It means that making the web server visible to the outside world is where security matters though. Are there any other ways apart from full blown certificate based SSL/TSL to make an apache server a bit more secure? In particular is there a simple ways to encrypt passwords as they pass across the 'net? The sort of level of security that ssh provides would be ideal, however expecting users to set up an ssh tunnel whenever they want to read their mail is probably a non-starter. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

3 3

IMAP subscribe/unsubscribe
by Chris Green 25 May '05

25 May '05

I've posted a similar question on the comp.mail.imap newsgroup but maybe someone here can answer the question. What are the IMAP subscribe and unsubscribe functions for? I don't mean what do they actually do in any particular mail client, I mean what is their intended purpose and use? I can find nowhere that offers a good overall description of IMAP and how it's supposed to work even after spending quite a while Googling. There's the RFC of course but that's hardly user (or even techie) friendly. Apart from that there are lots of descriptions of specific server and client implementations but since they all differ in quite significant ways in the way they handle subscribe/unsubscribe they don't really help a great deal.

1 1

Thunderbird question
by Chris Green 25 May '05

25 May '05

I'm playing with Thunderbird as an 'alternative' GUI mail clinet to mutt. I have it configured OK and reading a remote IMAP server. The one thing I want to do that I can't see how to do at the moment is copy a folder (or even better a folder hierachy) of messages from the IMAP server to a local folder. Dragging and dropping the Inbox copied it and the mail messages in it but dragging and dropping other folders seems only to copy the folder but not its contents. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

1 0

GUI mail client for Linux/Unix mbox delivery (i.e. not POP3)
by Chris Green 24 May '05

24 May '05

Are there any GUI mail clients that read Linux/Unix mailbox file mail delivery? I use mutt for most of my mail reading but now that I can do all my mail reading on my home machine it would occasionally be useful to read my mail with a GUI mail reader (e.g. for the very occasional HTML mail that says something useful with the HTML, and/or to look at attached pictures). All the GUI clients I have tried in days gone by have assumed mail comes from a POP3 server and/or munge the local mail spool with specialised indexes etc. that break it for other (better behaved) clients. It doesn't even have to be a Linux program as my Win2k machine has access to the mail on the Linux box. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

7 9

Fetching with fetchmail versus sending with SMTP
by Chris Green 24 May '05

24 May '05

I currently read (nearly) all my mail on a remote system (this one) where I have a Linux shell login. I log in to the system using ssh and read my mail using mutt, this gives me access to my mail from anywhere with little hassle. Since we now have broadband at home I can transfer this process (remote ssh login and use mutt) to my home Linux machine. This gives me a couple of extra advantages - virtually unlimited storage space and the ability to use a GUI/HTML mail reader when I'm at home if I want to. The question is should I simply move all my fetchmail bits and pieces from the system where I currently read my mail to my home system or should I receive the mail using SMTP? I already run a Postfix SMTP server on the home system for people to send mail to the outside world, I see no need to authenticate local users, if they can get into my house I may as well allow them to send mail! Would it actually be easier/safer to collect all the mail using fetchmail (much of it is collected on the hosting service by using fetchmail to get it from other places) or does SMTP actually confer any advantages? It would actually be pretty easy just to transfer my .fetchmailrc file from where it is now to my home Linux box and not bother with SMTP at all. If I open up the SMTP port to the outside world what issues are there? I want to deliver mail from my hosting service which handles all mail for my isbd.co.uk and isbd.net domains, I have a web configurator which will let me forward all this mail to my home machine (which is a subdomain of isbd.net). I can thus limit connections to just the hosting service so that will probably deal with most of the security issues, I will also obviously check that relaying is not allowed (I'm pretty sure it isn't now). I will still need to run fetchmail to get mail from a few old POP3 hosts where I get the odd message still. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

2 3

[ALUG Announce]BBQ on the 28th
by MJ Ray 24 May '05

24 May '05

ALUG Announce Please send announcements to Announce(a)lists.alug.org.uk Unsub, change settings via http://lists.alug.org.uk/mailman/listinfo/announce ----- I have added a link from http://www.alug.org.uk/meetings/2005/ to this. For more details see http://www.greenhills.co.uk/mak/alug/20050528-bbq.html -- MJ Ray (slef), K.Lynn, England, email via http://mjr.towers.org.uk/ ----- Send discussion replies to main(a)lists.alug.org.uk (Reply-To set) Unsub, change settings via http://lists.alug.org.uk/mailman/listinfo/announce

1 0

How can a user unmount something mounted with smbmount?
by Chris Green 23 May '05

23 May '05

I am using 'smbmount' to mount a Windows file system on a directory in $HOME on my Linux box. This works for a user if smbmount is SUID. However I don't seem to be able to umount the file system except as root, it just says:- umount: /home/chris/win is not in the fstab (and you are not root) The umount executable is alread SUID but this doesn't seem to help. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

3 5

thanx tony
by thedeceiver 23 May '05

23 May '05

thanks for the welcome, i practice my daily rituals i black notley,essex.kneeling to face pluto, leftthumb in right ear,right toe in left ear whilst chanting Suse Suse Suse,thus begins mt linux day (only joking ;) ) andy -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.322 / Virus Database: 266.11.15 - Release Date: 22/05/2005

2 1

Further to ssh security without a passphrase for the key
by Chris Green 23 May '05

23 May '05

I was reading the ssh (and other ssh utilities) manual pages just now and it would appear that hostbased authentication offers an improvement on 'no passphrase' user keys. As I understand it what it does effectively is make a key for the host you are connecting from rather than the user. This key can then be protected from casual access by being owned by root (or even better a special user) and a utulity program ssh-keysign which is suid is used to access the key. If your host machine is reasonably secure and you have root access (or a friendly sysadmin) this does offer a step up in security, though maybe not quite as good as using ssh-keygen - it depends on the way you use ssh. -- Chris Green (chris(a)areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."

1 0

Suse 9.3 changes to xdm login
by Nick Daniels 23 May '05

23 May '05

Hi I am running Suse 9.3 on two machines, and the login, seemingly at random changes to xdm. I have tried editing the etc/sysconfig/displaymanager to kdm but about every 4th boot it changes back I have come across reference to it here http://forums.suselinuxsupport.de/lofiversion/index.php/t14756.html but I do not use Nvidia cards Any ideas would be appreciated Regards Nick Daniels

2 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

main