This link has been bookmarked by 37 people. It was first bookmarked on 25 Apr 2006, by Richard.
-
29 Mar 15
-
19 Feb 12
-
Set your cable/DSL router to route all incoming (from the Internet) TCP traffic destined for port 80 (Web traffic) to your Debian system.
-
The port forwarding feature of a router can also be used to forward different types of Internet traffic to your server or to different devices. For example, if you were going to set up your Debian server as an e-mail server, you'd want to put in a second entry to forward port 25 (the SMTP port) traffic to your Debian server.
-
An IP camera is a stand-alone device that contains its own internal Web server. As such it acts like a stand-alone server.
-
Because these cameras are self-contained Web servers, they are set to "listen" for requests on port 80 by default. However, port 80 is already being used by our Web server so we need to change that. This is easy to do because we have to go into the Configuration/Network setup menu in the camera in order to change the IP address anyway.
-
Note that in the above camera configuration page we set the IP address to 192.168.1.40 and set the port the camera should listen on to 8080. (You can use your own values of course.)
-
Next, we set the cable/DSL router to route port 8080 traffic to the IP camera.
-
You may have noticed that the open-ssl package also got installed. This will allow you to play around with a Web server that has support for SSL (Secure Sockets Layer) for accepting secure transactions. However, since the servers we set up on these pages are not very secure, you wouldn't want to use this SSL server in a production environment. SSL will let you encrypt information that is submitted to the Web server, but if the underlying OS is not secure, that sensitive information can be stolen off the disk. You'd also need to get a certificate from an outfit like Thawte or Verisign in order to use the SSL capabilities of the Web server. (They offer temporary certificates for free that you can use if you want to play around with SSL.)
-
Then there's the issue of obtaining an SSL "certificate" from an outfit like Verisign and installing that on the server (and they have to be renewed annually for a fee).
-
If you're collecting or serving data that requires a secure connection, chances are the sources of that data would sue you if it ever got into the wrong hands. These types of secure servers are best left to professional hosting companies, whether they be for e-commerce or other functions. That's not to say you should never try and set up an SSL Web server. Just be prepared to do a considerable amount of studying and work. You'll need to be knowledgeable not only in the areas of SSL software for Apache and server certificates, but quite a student in the area of overall Linux OS security as well.
-
There are actually two server services involved with a mail server. First, you have an MTA (Mail Transport Agent) that is responsible for exchanging mail with other mail servers and forwarding mail that is being sent by clients. This is the part that Sendmail handles (i.e. Sendmail is an MTA).
Then there's the service which allows POP clients to log in and retrieve their mail from the server. The mail messages are transferred from the user's "mailbox" (a file) on the server to their "inbox" (a file) on the user's local hard-drive. Sendmail doesn't do POP so we need to install that separately.
-
The MTA service uses the SMTP (Simple Mail Transfer Protocol) protocol to transfer and forward mail. The POP service uses the POP3 (Post Office Protocol v3) to send messages from the server to the client. You'll see examples of both of these protocols in action later in this page.
-
- MTA - Mail Transport Agent: The server-based application that routes mail from MUAs (clients) to other MTAs and accepts mail from other MTAs. Sendmail is the most popular MTA. Exim and Microsoft Exchange are others. MTAs use the SMTP protocol to accept and route mail from MUAs and to send/receive messages to/from other MTAs.
- MUA - Mail User Agent: This is the nerd term for the e-mail reader client software run on most PCs. Common MUAs are pine and elm (UNIX/Linux), Netscape Communicator, Eudora, and Microsoft Outlook (Windows). They use the SMTP protocol to send messages and the POP protocol to retrieve messages.
- SMTP - Simple Mail Transfer Protocol: "Protocol" is just a fancy term for "a set of rules that you have to follow". With SMTP (and many other communications protocols) the "rules" are the commands and their syntax (which you will see in action below). The SMTP protocol is a set of commands used to communicate with/between MTAs. SMTP listens on port 25.
- POP - Post Office Protocol: A message retrieval protocol (commands) used to communicate with a POP service running on a mail server. The most commonly-used versions are POP2 and POP3. popd is one of the most common POP daemons run on mail servers. An MUA uses POP commands to communicate with the POP service (daemon) to retrieve any messages stored in a mailbox file. IMAP (Internet Message Access Protocol) is another common message retrieval protocol. POP listens on port 110.
-
In the case of a real mail server, it is tempting to connect your mail server to the Internet and your local LAN so that users can retrieve their mail messages directly from the server over a LAN segment. However, whenever you connect a server to an internal network and the Internet it's a security risk, acting as a bridge between the two networks.
You're better off only connecting the systems to the Internet and letting your users retrieve their mail from the server over your Internet connection. The most efficient way of doing this is to set up POP clients (mail readers) on the users' workstations to access the mail server using the IP address of the server's interface connected to the Internet. By using the IP address no DNS queries need to be made. If there will be a firewall between your mail server and your internal network you have to be sure to allow POP and SMTP traffic (ports 110 inbound and 25 outbound respectively) through the firewall.
-
Sendmail advises against editing the sendmail.cf configuration file directly. Configuration is typically done using a utility called the "m4 processor". You place easier (somewhat) to understand statements in the sendmail.mc configuration file which m4 uses as input. Based on the statements in the sendmail.mc file m4 spits out the corresponding sendmail.cf configuration file which is read directly by Sendmail when it starts up.
-
If you run into a situation where your network clients are having problems sending e-mail you can pretend to be an e-mail client sending an e-mail by using telnet to issue SMTP commands to the server.
-
In the following example, the lines in bold are the commands you enter to pretend you're a mail client sending an e-mail message through the server.
-
inetd is the daemon that idles in the background listening to the ports that certain Internet-based service requests (POP, telnet, FTP, etc.) come in on. When it detects a request on a specific port, it calls the appropriate process (server software program) to handle the request. This is also why you won't see POP or telnet or FTP listed if you issue the command:
ps -aux
to list all of the processes running on the server. You will however see the inetd process (daemon) running.
-
You control which ports inetd listens on by editing the /etc/inetd.conf file. A typical line in this file could look like this:
ftp stream tcp nowait root /usr/sbin/wu-ftpd
-
Note that I said the line could look like this. It likely doesn't. It probably looks like this:
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/wu-ftpd
Note the additional /usr/sbin/tcpd part. This tells the inetd daemon to run the tcpd program when a request comes in on the FTP port. The /usr/sbin/wu-ftpd path to the ftp daemon is used as a command line parameter to the tcpd program. The tcpd program is run first and it "calls" the wu-ftpd program.
What is tcpd? It's called a TCP "wrapper" because it runs the actual program within itself. It wraps itself around the execution of the actual program so it can watch the traffic that goes in and out of the program. It's a security tool.
When you use the tcpd wrapper program you can control it using the /etc/hosts.allow and /etc/hosts.deny files. Just as the file names imply, the TCP wrapper allows you to control who can access these services.
-
This line was added to the file when you installed the wu-ftpd package above. It is simply telling the inetd daemon to run the /usr/sbin/wu-ftpd program when a request comes in on the FTP port (Port 21).
-
Setting your system up to use SSH (Secure SHell) access instead of telnet is another good security measure, as login information (username and password) is sent as clear text when using telnet.
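The inetd.conf excerpts above distinguish entries that go through the tcpd wrapper from entries that start the daemon directly. The script below is an added example, not part of the bookmarked tutorial: it audits an inetd.conf-style file for entries that bypass tcpd and for services that carry logins in clear text. The sample file is constructed, and every path in it other than /usr/sbin/tcpd and /usr/sbin/wu-ftpd is an assumption.

```python
# Added example: flag inetd.conf entries that bypass tcpd or carry clear-text logins.

# Constructed sample file; paths other than wu-ftpd and tcpd are illustrative.
SAMPLE_INETD_CONF = """\
# service  type    proto  wait    user  server-path           args
ftp        stream  tcp    nowait  root  /usr/sbin/tcpd        /usr/sbin/wu-ftpd
telnet     stream  tcp    nowait  root  /usr/sbin/in.telnetd  in.telnetd
pop3       stream  tcp    nowait  root  /usr/sbin/tcpd        /usr/sbin/popd
#finger    stream  tcp    nowait  nobody /usr/sbin/tcpd       /usr/sbin/in.fingerd
time       stream  tcp    nowait  root  internal
broken line
"""

# telnet is named on the page; FTP and POP3 also send credentials unencrypted.
CLEARTEXT_SERVICES = {"telnet", "ftp", "pop3"}


def audit_inetd(text):
    """Return (line_number, service, finding) tuples for risky entries."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank, comment, or disabled entry
            continue
        fields = line.split()
        if len(fields) < 6:                       # server path is the sixth field
            findings.append((number, fields[0], "malformed"))
            continue
        service, server = fields[0], fields[5]
        if server == "internal":                  # handled inside inetd itself
            continue
        if server.rsplit("/", 1)[-1] != "tcpd":   # daemon started without the wrapper
            findings.append((number, service, "unwrapped"))
        if service in CLEARTEXT_SERVICES:
            findings.append((number, service, "cleartext"))
    return findings


if __name__ == "__main__":
    for number, service, finding in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {number}: {service}: {finding}")
```

An "unwrapped" finding means /etc/hosts.allow and /etc/hosts.deny have no effect on that service, because tcpd never sees the connection.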
-
-
07 Feb 11
-
19 Jul 10
-
22 Feb 10
-
30 Dec 09
-
Web (Apache) and e-mail (Sendmail) server applications
-
Daemons are applications that run in the background, waiting for some specific event to trigger them, such as an incoming request from a Web browser
-
EasyDNS to use Dynamic DNS for your domain
-
cable/DSL router to route all incoming (from the Internet) TCP traffic destined for port 80 (Web traffic)
-
Sendmail is much more widely used and much more powerful
-
there's likely a way to set up exactly what you want.
-
-
11 Sep 09
-
17 Jun 09
-
16 Jan 09
-
17 Jul 08
-
16 Jul 08
-
11 Feb 08
-
25 Jan 07
-
21 Dec 06
-
07 Aug 06
-
13 Apr 06
-
09 Sep 05
-
11 Jul 05