Help....mail account

rider2 · April 29, 2011, 11:22am

Hi,

I am new to linux
I have a server with suse and I want to add a new email account.
The server is already installed and configured as a mail server
Problem is that I don’t know what mail service is running and how to find out.
I know only is POP…
Please tell me what to do…

robin_listas · April 29, 2011, 5:03pm

On 2011-04-29 11:36, rider2 wrote:
> Please tell me what to do…

Ask the administrator of that system.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

please_try_again · April 29, 2011, 5:38pm

Thanks, Carlos. This answer save us a lot of explanations.

@rider2
It’s not that easy. … and running a ‘mail server’ is a big responsibility that not so many are willing to take. We don’t know what you mean by ‘a server with suse’. If it’s a dedicaded server and you don’t know how to use it, it’s a bad start.

martin_helm · April 29, 2011, 6:19pm

It is not even clear if you are in the right forum. Your server can as well
be a SLES (SUSE Linux Enterprise Server). If that is the case you should go
to the Novell forums.
But as Carlos said, in the first place you need to know what you have or at
least you need to know whom to ask (the person who set it up or maintains
it).

rider2 · April 29, 2011, 10:36pm

ok…
the server is a dedicated server and as i know it has installed suse…i think opensuse
the server holds a network of over 50 pc’s…proxy,mail…
the person that maintained the server is no longer available and i will have to maintain it. i know it is not easy but I think I know a little about linux and i want to learn…

ok.
i figured it out how to add users for the mail service.
the server runs imapd and Squirellmail for webmail and a user made with “useradd -m username” solves this problem.
the problem that appeared is that users can connect over ssh and i do not want that.
after “chmod 777 username” user still can connect through ssh.
anyone can explain what to do to restrict ssh connection?

excuse my english but it is not my native language

martin_helm · April 29, 2011, 11:29pm

This is somewhat unrelated to your question, but I recommend you post at
least the output from


cat /etc/SuSE-release

so that everybody knows what version and what system you have (it shows id
it is openSUSE and it show the version).
To understand the ssh problem read the man pages for sshd


man sshd
man ssh_config

they are fairly complete.
To give you some starting point, there is an AllowUsers option in the
/etc/ssh/sshd_config file.
About mail server configuration I know nothing, so I leave here.
Hope it helps a little bit.

robin_listas · April 30, 2011, 1:08am

On 2011-04-29 23:06, rider2 wrote:
>
> ok…
> the server is a dedicated server and as i know it has installed
> suse…i think opensuse

You should know.

> the server holds a network of over 50 pc’s…proxy,mail…
> the person that maintained the server is no longer available and i will
> have to maintain it. i know it is not easy but I think I know a little
> about linux and i want to learn…

Sigh… You need to know a lot to maintain that. It is a nightmare even to
an experienced admin.

> ok.
> i figured it out how to add users for the mail service.
> the server runs imapd and Squirellmail for webmail and a user made with
> “useradd -m username” solves this problem.

Which means you are adding system users with access to all services, like
ssh. Typically a mail server would have a method to add mail only users.
Perhaps ldap.

The previous admin should have left documentation.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

rider2 · April 30, 2011, 2:56pm

thx for the answers
I will came with more answers monday…

rider2 · May 2, 2011, 6:51am


cat /etc/SuSE-release

SuSE Linux 9.3 (i586)
VERSION = 9.3

To understand the ssh problem read the man pages for sshd
Code:

man sshd
man ssh_config

they are fairly complete.
To give you some starting point, there is an AllowUsers option in the
/etc/ssh/sshd_config file.

I looked in sshd_config file and is no AllowUsers option.
When I created the new account I set the group the same as the other users where, and still can login over ssh.

About mail server configuration I know nothing, so I leave here.

How can I find out more about mail server? I know it runs Imap and SquirrelMail.

Typically a mail server would have a method to add mail only users.
Perhaps ldap.

Probably yes, but how to find out?

And about Yast, someone told me not to use it because it can create problems.Or Yast2.
It is installed. What problems it can create?

rider2 · May 2, 2011, 8:25am

useradd -m username -s /bin/false

blocks ssh access

DenverD · May 2, 2011, 10:38am

On 05/02/2011 07:06 AM, rider2 wrote:
>
> SuSE Linux 9.3 (i586)
> VERSION = 9.3
>

9.3 reached its end of life on April 30th 2007
cite: http://en.opensuse.org/Lifetime

my advice would be to disconnect that server from the internet…

and, leave it that way until you can assure yourself that it has no root
kit and is running a system patched to the current security level…

unless i miss my guess it is currently no where close to fully patched…

> And about Yast, someone told me not to use it because it can create
> problems. Or Yast2.

i wonder who told you that, and on what basis the advice is given…
ha, maybe it is the same person running a system over four years
unpatched system…

> It is installed. What problems it can create?

on that system, i’d suggest you could hope YaST might damaged it so much
it would no longer boot (which could be done with YaSt, but it would be
a user and not a YaST induced fault)…

no being able to boot would be a giant step in increasing security!

ymmv

–
CAVEAT: http://is.gd/bpoMD
[openSUSE 11.3 + KDE4.5.5 + Thunderbird3.1.8 via NNTP]
HACK Everything → http://www.youtube.com/watch?v=j5b4CCe9pS8&NR=1

martin_helm · May 2, 2011, 10:48am

rider2 wrote:

>
> Code:
> --------------------
> useradd -m username -s /bin/false
> --------------------
> blocks ssh access
>
Of course because it blocks every login from that user.

To come back to your ssh_config, I think you misunderstood something. Not
every option is by default already in the ssh_config file. You need to add
it. And the corresponding man page tells you what to do.

But to also come back to what you were already told - running a mail server
based on a stone age old system without security updates for 4 years is a
time bomb.
Shut it down and replace it with a modern save operating system (a newer
openSUSE or any other linux of your choice will do, there are several with a
longer life cycle, like Centos or Debian).

please_try_again · May 2, 2011, 11:26am

@rider2
Please understand that if you’re running a dedicated server with ssh and mail access without the required knowledge, you’re not just going to harm yourself but other people as well.
No offense meant.

rider2 · May 2, 2011, 12:18pm

DenverD

9.3 reached its end of life on April 30th 2007
cite: [Lifetime - openSUSE](http://en.opensuse.org/Lifetime)

my advice would be to *disconnect* that server from the internet..
and, leave it that way until you can assure yourself that it has no root
kit and is running a system patched to the current security level..
unless i miss my guess it is currently no where close to fully patched..

thx for the info

martin_helm

rider2 wrote:

&gt;
&gt; Code:
&gt; --------------------
&gt; useradd -m username -s /bin/false
&gt; --------------------
&gt; blocks ssh access
&gt;
Of course because it blocks every login from that user.

To come back to your ssh_config, I think you misunderstood something. Not
every option is by default already in the ssh_config file. You need to add
it. And the corresponding man page tells you what to do.

But to also come back to what you were already told - running a mail server
based on a stone age old system without security updates for 4 years is a
time bomb.
Shut it down and replace it with a modern save operating system (a newer
openSUSE or any other linux of your choice will do, there are several with a
longer life cycle, like Centos or Debian).

About ssh, i think is secure enough doing that way the accounts…
I understanded finally what u said…

Abous Suse:
I know it is old but I can’t install now a new one…
About security updates I don’t know if they were made…
Let’s try not to disconnect it cause I want to learn, and in time I hope I will can install a new one.
The problem is of setting it…not just installing…

I have another question:

It runs squid.
If i want to add/remove ip’s or ports squid must be restarted, in order the changes to take effect.
What chances are that squid does not restart, supposing I try not to make any mistake of writing

robin_listas · May 2, 2011, 4:20pm

On 2011-05-02 12:36, rider2 wrote:
> About security updates I don’t know if they were made…

But we now the were not >:-)

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

robin_listas · May 2, 2011, 4:20pm

On 2011-05-02 10:38, DenverD wrote:
>> And about Yast, someone told me not to use it because it can create
>> problems. Or Yast2.
>
> i wonder who told you that, and on what basis the advice is given…
> ha, maybe it is the same person running a system over four years unpatched
> system…

If it is some person knowing that system, it would be because they are
using several non standard configurations. YaST, if it touches something,
would use standard.

Normally YaST refuses to touch such configurations, but there are some
exceptions, some modules do not check correctly.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

rider2 · May 2, 2011, 7:01pm

why suppose they were not? I am an optimist guy,usually

ok, about squid?can anyone tell something? even an optimist advice would help

another question: I had updated ssh on a redhat, many ears ago(redhat7.2) and it wasn’t very hard.

on suse, can I do it from command line?
or, which is the safest and easiest method?

robin_listas
If it is some person knowing that system, it would be because they are
using several non standard configurations. YaST, if it touches something,
would use standard.

I don’t think it uses non standard configurations. The person that told me that knows linux like I am…and I think he tries to avoid complications, that is why he told me to avoid yast

please_try_again

Please understand that if you're running a dedicated server with ssh and mail access without the required knowledge, you're not just going to harm yourself but other people as well.
No offense meant.

bearing that in mind I am trying to correct the problems not to harm other people , but…as I said, I am an optimist guy

I know I am a super beginner in linux, but I am trying to learn, and I don’t know other way.
again, excuse my english
smile topic

please_try_again · May 2, 2011, 7:27pm

Whenever your emails get returned to you, you can use the blip script (posted here netinfo - Read Network & PC Information into a Local Text File) to check if your IP has been blacklisted for spreading around the latest Nigerian diplomat’s inheritance story.

Then don’t become a sysadmin! lol!

The other way is to learn on your computer or lan before puting your hands on a dedicated server.

rider2 · May 2, 2011, 8:34pm

I think I had been “scanned”…i was expecting.

When I said I am optimist, I refered that I will find someone to help me learn!

About that blip script, I know it exists a site where u can put your ip address and it says if it is blacklisted on more servers. More easier.
Done that!

I have another computer with linux where I test, the server is not the only.

robin_listas · May 2, 2011, 8:20pm

On 2011-05-02 19:06, rider2 wrote:
>
> robin_listas;2333810 Wrote:
>> On 2011-05-02 12:36, rider2 wrote:
>>> About security updates I don’t know if they were made…
>>
>> But we now the were not >:-)
>
> why suppose they were not? I am an optimist guy,usually

Because the version of SuSE you have installed has been dead and buried for
several years, since 2007, thus there have been no updates pulished since
2007. So we know.

Unless the person maintaining it was a real expert, and aplied the patches
himself, which is complex and very much time consuming.

> on suse, can I do it from command line?
> or, which is the safest and easiest method?

You can not update that machine, there are no updates for dead versions.

You simply have to upgrade to 11.3 or 11.4, which is no easy task, or
install 11.4 fresh and recreate all needed services for scratch. Or, switch
to SLES, the enterprise version, that has a 5 year maintenance cycle
(that’s what I would advise).

>
>> robin_listas
>> If it is some person knowing that system, it would be because they are
>> using several non standard configurations. YaST, if it touches
>> something, would use standard.
> I don’t think it uses non standard configurations. The person that told
> me that knows linux like I am…and I think he tries to avoid
> complications, that is why he told me to avoid yast

That doesn’t match. We all use Yast precisely to avoid complications.

–
Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)