[Gllug] Sendmail, Firewalls, SSL...
Formi
formi at blueyonder.co.uk
Fri Jun 28 17:59:05 UTC 2002
Oh gosh, it seems that there is no way to avoid having
to have a good go at the docs. My expertise in mail servers,
wait a second that's a lie, I'm no expert in anything.
I can make postfix work, hardly, and I'm not happy with
trying to learn the oldy sendmail, when I am not comfortable
with postfix.
I might try to replace sendmail with postfix, but that
will be tricky.
Thanks for the help.
On 28 Jun 2002, Mike Brodbelt wrote:
> On Wed, 2002-06-26 at 13:10, Formi wrote:
> > On 26 Jun 2002, Mike Brodbelt wrote:
> >
> > > > I want to be able to have the mail passed through procmail,
> > > > but only for my domains and the server's owner accounts.
> > > > Not the normal POP3 users. Is that possible?
> > >
> > > What's the IMAP server? You can do this, but how will depend partly on
> > > the IMAP server.
> >
> > It's the standard rh one, the UW Imap.
>
> Can't you just use procmail as the local delivery agent then? Just make
> sure the normal pop3 guys don't have .procmailrc files.
>
> > > The way I'd do it would be to have a class defined in your sendmail.cf
> > > that maps to a hash map, and then populate that with a list of the
> > > domains you want procmail processing for. You can then have sendmail
> > > select procmail as the local delivery agent for those addresses. It;s
> > > then procmail's job to perform final delivery. This may involve procmail
> > > invoking yet another helper program to perform final delivery, if the
> > > IMAP server uses a mailstore format that procmail doesn't understand
> > > (i.e. cyrus).
> >
> >
> > Could you provide an example?
>
> Ok, you can define your procmail domains in a flat file like so:-
>
> F{Procmail_domains}/etc/mail/procmail_domains
>
> which is probably better than a hash map, thinking about it, as you're
> not storing key/value pairs.
>
> You'd then have a normal local mailer definition, and a procmail mailer
> defintion. You then need to add logic to ruleset 0 to select the
> procmail mailer if the domain part of the address is in the
> Procmail_domains class. I've got no idea what RedHat supply as a
> sendmail.cf these days, and if you're going to do this you should be
> generating your own cf file from scratch. First make sure it works, then
> add your own custom rules. You do this by adding:-
>
> LOCAL_RULE_0
>
> to your mc file, and then adding rules directly after that, which get
> incorporated into the sendmail.cf that gets built. You'd need to test
> the domain part against $={Procmail_domains} and select your mailer
> based on that.
>
> > > It's telling you the the common name presented in the IMAPS server's
> > > certificate did not match the DNS name of the machine. You'll probably
> > > need to regenerate the SSL cert to fix this. If it's a commercialy
> > > signed cert, this may cost....
> >
> >
> > I guessed that one myself, I suppose I will have to find out how to
> > create those certificate.
> >
> > They are personal sites, at least the ones I want ssl for.
> >
> > I suppose I should have made myself clear, I'm being lazy and asking
> > for the actual "implementation", like
> >
> > type "ssl -c new.certificate" # just an example.
>
> Ah.
>
> You have two options - eith use self-signed certs, or create a CA
> yourself, and use that to sign all your certs. The latter is more work,
> but you can import the CA public key into your browsers, and then you
> never have to wade through the annoying security dialog boxes about
> self-signed certs in future.
>
> Go to www.modssl.org, and in the Documentation/FAQ area you'll find
> detailed instructions on creating your own keys, certificae requests,
> CA's, and suchlike.
>
> Mike.
>
>
>
>
--
V
. . Formi
v
/ \ GZ MDK 8.2 ThinkPad 560E
// \\/
/( _ ) Linux Registered User #235743
^ ^
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list