Linux Enterprise Mail Server Security Guides

Hello everyone!

Today is the International Women's Day, and I want to congratulate and thank... whatever/whoever made them. We can't live without you, and I specially can't live without my beloved Erica. I love you!

Well, now that the Romantic Intro (c) is over, let me introduce you to a series of Blog Posts / Guides / Articles I will be writing during the following weeks. By reading them, I expect you to understand how to deal with a couple of Mail-Server related security issues.

Security, for these guides, will mean "Anti Spam", inbound/outbound eMail control based in FROM/TO address (like an ACL for eMail), and general Relay management.

Regarding software, I will be providing examples for scenarios using Linux, Courier-MTA (my MTA of choice for the last 6 years) and Mail Avenger.

This will not be the classical "install SpamAssassin and/or MailScanner" guide, there are lots of that already on the Internet ;)

Instead, I will try to demonstrate how Corporate or Enterprise Level a Linux Mail Server can be.

Why do I say that? Simple:

• inbound/outbound ACLs are a common corporate requirement.
• SQL and LDAP for authentication is usually necessary today.
  
• Spam control is a very much needed thing.
  
• SPF (the Sender Policy Framework) is easy to implement (and excellent too!).
• and because Courier-Authlib + Courier-MTA + MailAvenger supports all that.

We will see how to implement an enterprise-based corporate Mail Server providing SQL-based authentication using PostgreSQL with a Sender/Recipient based Access Control List for inbound/outbound relay, and an RBL-based Antispam... and I will leave Antivirus as homework for two weeks after this series is over (and then provide an example of ClamAV integration to Mail Avenger).

So, now you just have to wait for my next post. It's time to start working, and I've plenty of things to do today!

UPDATE: Visitor, read the "next post" HERE.
Bye!

How can I measure my bandwidth?

Today, 1st March 2006, my ISP decided to change my internet bandwidth from 1 megabit downstream / 256 kilobits upstream to "2.5megabits".

Of course, they weren't saying how much upstream they were giving me so, instead of calling, I wanted to proactively check my internet connection.

I fired up Firefox and typed some keywords on Google Search, and got some fine results, but there was one who caught my eye: http://www.auditmypc.com/internet-speed-test.asp - It uses a Java application (by the way, I use blackdown for my Java Runtime Environment, which works perfectly along with Firefox 1.5.0.1). This java application show two nicely drawn speed-o-meters.
After testing your bandwidth, by making the Java application receive and send some data, your downstream and upstream speed is shown.

I got more than 3.2mbits downstream, and 261.5kbps upstream.

Of course, I checked this by directly plugging my cablemodem to my ethernet nic (I have a Netgear wireless router in the middle), and stopped all services that could have been eating bandwidth (The bwmon utility proves to be an excellent ally at the console when checking out these kinds of things).

So, I have to say, apart from charging me $5 less.... it works quite well! Let's see what happens in the next days.

If you have any URLs, applications or procedure that you think may be of use for these kind of situations, reply to this post!

Yours,
Arturo Busleiman