On Saturday I was able to get my client moved over the new mail server that I'd installed a couple of weeks ago.  It went pretty smoothly, although I did have to modify Postfix's main.cf to allow it to accept email to their domain, rather than just to their host.domain.com.
It's amazing how many attempts there are to relay mail through the box.  If I login to it and run tail -f /var/log/maillog, and I can sit there and watch relay attempts scroll off the top of my screen.  I've done this several times and it just doesn't end.
Theire old box used CommuniGate Pro for mail services.  One advantage CGP has is that mail users are different from system users.  I.e., you don't need to setup an account on the system for a user to send and receive mail through it (although you can configure it to use system accounts).  When using Postfix and Dovecot, and not using virtual domains, mail accounts are system accounts.  I wanted to make it more difficult for someone to crack the box.  Since my client is using this only for email and system logins aren't needed, I used chsh to change the login shell of each mail user to /sbin/nologin.  Now, when someone tries to SSH into the server they get bounced right off.
No comments:
Post a Comment
Because of spammers I review all comments before they are published.