Vinícius Ferrão | 10 Feb 02:03

Local CA on Gentoo

Hi peeps,

I would like to know if someone has successfully implemented a Local CA to sign services and servers using
Gentoo or other Linux.

I'm currently in a Mixed Environment (we have: Windows 2008R2, OS X Lion, Linux and FreeBSD), and I really
want a single solution, since I need certs for my servers, for example: a Postfix Mail Gateway, a W2k8 Domain
Controller, Exchange Server, Mac OS X Time Machine Server, etc.

Thanks in advance,
Vinícius
Vinícius Ferrão | 1 Feb 20:10

Need an advice about my Postfix Before-Queue filter

Hello ppl,

I've implemented a postfix mail filtering gateway and I have a stupid question.

How can I check if my before-queue filtering through amavisd-new is working correctly?

I can see the spam handled correctly, but I always see proxy-accept in logs. Is this correct?

For example:
Feb  1 14:50:23 ironforge postfix/smtpd[25299]: proxy-accept: END-OF-MESSAGE: 250 2.7.0 Ok,
discarded, id=25810-05 - spam; from=<atendimento <at> imailing.com.br> to=<lolcat <at> autolol.com>
proto=SMTP helo=<smtp6.hospedagem-de-site.info>
Feb  1 14:50:23 ironforge postfix/smtpd[25299]: proxy-accept: END-OF-MESSAGE: 250 2.7.0 Ok,
discarded, id=25810-05 - spam; from=<atendimento <at> imailing.com.br> to=<lolcat <at> autolol.com>
proto=SMTP helo=<smtp6.hospedagem-de-site.info>
Feb  1 14:50:50 ironforge postfix/smtpd[25353]: proxy-accept: END-OF-MESSAGE: 250 2.7.0 Ok,
discarded, id=25810-06 - spam; from=<dixsaude <at> host20.anuncioforte.com.br>
to=<lolcat <at> autolol.com> proto=ESMTP helo=<host20.anuncioforte.com.br>

Wouldn't a proxy-reject error be more reasonable?

Thanks in advance,
Vinícius Ferrão
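
As an added illustration for the question above (not part of the original post, and not Postfix or amavisd-new code): a small parser that tallies proxy-accept / proxy-reject lines by the reply logged after END-OF-MESSAGE, so replies that returned 250 while the text says "discarded" stand out. The sample lines are constructed; the "queued" and proxy-reject replies are assumed shapes for comparison.

```python
import re
from collections import Counter

# Constructed sample (not from the post): made-up hosts and addresses; the
# "queued" and proxy-reject replies are assumed shapes for comparison.
SAMPLE_LOG = """\
Feb  1 14:50:23 mx1 postfix/smtpd[25299]: proxy-accept: END-OF-MESSAGE: 250 2.7.0 Ok, discarded, id=25810-05 - spam; from=<a@sender.example> to=<u@rcpt.example> proto=SMTP helo=<smtp6.sender.example>
Feb  1 14:51:02 mx1 postfix/smtpd[25353]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 3F2A1C0; from=<b@sender.example> to=<u@rcpt.example> proto=ESMTP helo=<mail.sender.example>
Feb  1 14:52:10 mx1 postfix/smtpd[25360]: proxy-reject: END-OF-MESSAGE: 554 5.7.0 Reject, id=25811-01 - spam; from=<c@sender.example> to=<u@rcpt.example> proto=ESMTP helo=<host.sender.example>
"""

# The reply is everything between the 3-digit code and "; from=<".
LINE_RE = re.compile(
    r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<action>proxy-(?:accept|reject)): "
    r"(?P<stage>[A-Z-]+): (?P<code>\d{3}) (?P<reply>.*?); "
    r"from=<(?P<sender>.*?)> to=<(?P<rcpt>.*?)> proto=(?P<proto>\S+)"
)
ID_RE = re.compile(r"\bid=([\w-]+)")  # content filter's own message id


def parse_line(line):
    """Return a dict for one proxy-accept/proxy-reject line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    found = ID_RE.search(rec["reply"])
    rec["filter_id"] = found.group(1) if found else None
    if rec["action"] == "proxy-reject":
        rec["outcome"] = "rejected"
    elif "discarded" in rec["reply"].lower():
        rec["outcome"] = "discarded"  # accepted reply, but text says dropped
    else:
        rec["outcome"] = "passed"
    return rec


def parse_log(text):
    """Parse every matching line of a log excerpt, skipping the rest."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarize(records):
    """Count records per (logged action, derived outcome) pair."""
    return Counter((r["action"], r["outcome"]) for r in records)


if __name__ == "__main__":
    for key, n in sorted(summarize(parse_log(SAMPLE_LOG)).items()):
        print(key, n)
```
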
Kerin Millar | 16 Jan 20:10

Re: Relatively recent guide on TCP congestion-avoidance algo's & traffic shaping

On 01/07/2011 01:58, Pandu Poluan wrote:
> Another factor that made me re-think my setup is the 'strange'
> characteristics of traffic between my office and our
> brand-spankin'-new subsidiary office 14 floors below us: SSH is very
> nice, but any big file transfers (sftp, http, ftp, cifs, *anything*
> biggish) will run well only for the first 10 seconds or so, before
> slowing to a crawl (and even managed to make WinSCP complaining of 'no
> response for 15 seconds'). But the ping's have no dropped packets at
> all.

With respect to this particular syndrome, I have found the approach 
described here to be extraordinarily effective:-

http://blog.edseek.com/~jasonb/articles/traffic_shaping/scenarios.html

At the time of writing, the link appears to be down but you should be able 
to access it via Google's cache.

Also, check out the tosfix() function in FireHOL, which demonstrates the 
above implementation (and happens to be the best iptables wrapper, 
imho). There's an ebuild in portage but I would advise that you 
supplement it by grabbing the latest instance of the "firehol.sh" script 
from upstream CVS.

Cheers,

--Kerin

Pandu Poluan | 12 Dec 03:18

Open Source Exchange alternatives

My boss, being the... uh, cost-controlling person that he is, asked me if there's an open source alternative for Exchange.

Specifically, he's looking for something that allows him to share his Outlook calendar with the corporate secretaries.

Does anyone know what alternatives are available out there?

Needless to say (but I'll say it anyway), my preferences would be: something stable in portage tree, something unstable (but not masked) in portage tree, something stable in some overlay tree.

Rgds,

Pandu Poluan | 9 Dec 13:05

Last leg of my Postfix installation saga... SA integration?

Okay, I promise this will be the last question re: "add-ons choice"
for Postfix :-P

I've installed Postfix, activated Postscreen on the world-facing
"smtp" port, turned on TLS and SASL on the "submission" port...

... and now I come to the final steps of my installation saga:
Integrating SpamAssassin into Postfix.

Gentoo is wonderful. It gave us lots of choice. And the *huge* amount
of choice is currently overwhelming me.

So, I again implore on your admirable experiences in integrating
SpamAssassin with Postfix:

What method to use?

* spamd ?
* spampd ?
* SA + Amavisd-new as after-queue content filter?
* SA + Amavisd-new as before-queue smtpd_proxy filter?
* SA + Amavisd-new + Amavis-milter?
* SA + MIMEDefang?
...
* Other?

Thank you very much in advance.

Rgds,
-- 
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pepoluan.tumblr.com
 • Linked-In : http://id.linkedin.com/in/pepoluan

Pandu Poluan | 4 Dec 10:05

Adding disclaimer to outgoing emails : alterMIME, or...?

The pieces are falling into place, now one final touch :

Most howto's I found use alterMIME to add a disclaimer to outgoing messages.

Is it the only game in town? And if not, what other packages can give me the same functionality?

TIA

Rgds,

Pandu Poluan | 28 Nov 07:02

Mailscanner or amavisd-new

So, here I am preparing to build a mailfiltering gateway, when I run into a dilemma:

Mailscanner or amavisd-new?

Any thoughts, suggestions, experiences?

Rgds,

Pandu Poluan | 25 Nov 07:37

Guide for postfix + amavisd-new + spamassassin + postgrey ... on postgresql?

I'm going to set up a mailfiltering gateway for my company's use. After
some careful considerations, I decided to use PostgreSQL instead of
MySQL. Unfortunately, the only available mailfiltering gateway guide I
can find uses MySQL
[http://www.gentoo.org/doc/en/mailfilter-guide.xml].

In addition, I also don't need ClamAV. Just postfix + amavisd-new +
spamassassin + postgrey. With a PostgreSQL back-end.

Can someone point me to resources to implement the mailfiltering gateway?

Resources I have found up to now:
* http://www.ijs.si/software/amavisd/README.sql.txt
* http://www.ijs.si/software/amavisd/README.sql-pg.txt
* http://www.tuxj0b.de/HOWTO_Mailserver_mit_Postfix_Dovecot_Antispam_und_PostgreSQL_Backend
(I'll need to translate this first; it's in German)
* http://www.lxtreme.nl/index.pl/docs/linux/dovecot_postfix_pam (but
I'll ignore the Dovecot parts)
* http://en.gentoo-wiki.com/wiki/Complete_Virtual_Mail_Server/White_and_Black_Lists

Any other good resources?

Plus, any gotchas I should be aware of?

Rgds,
-- 
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pepoluan.tumblr.com
 • Linked-In : http://id.linkedin.com/in/pepoluan

Pandu Poluan | 21 Nov 10:52

Failover-capable DNS server?

Hello all, I'm in need of some suggestions.

You see, I have 2 Internet connections with public IP addresses, let's
say ISP A 11.22.33.44 and ISP B 22.33.44.66

Now, I want outside parties trying to connect to "target.example.com"
to have it resolve to 11.22.33.44 by default, but if ISP A's connection goes
down for any reason, the DNS server will instead return "22.33.44.66".

The nameserver itself will be located in the company, accessible from
the world via "ns1.example.com" = 11.22.33.44:53 or "ns2.example.com"
= 22.33.44.66:53. This allows the nameserver to monitor the state of
the connections to ISP A and ISP B.

I've been perusing pages discussing BIND, and came to the conclusion
that BIND is incapable of doing that.

Can anyone recommend a DNS server that has such a capability? Or how
to implement this ability with maybe Python or (*shivers*) Perl?

Rgds,
-- 
FdS Pandu E Poluan
~ IT Optimizer ~

 • LOPSA Member #15248
 • Blog : http://pepoluan.tumblr.com
 • Linked-In : http://id.linkedin.com/in/pepoluan

Pandu Poluan | 16 Nov 07:39

Configure postfix virtual users for relaying?

I want to know if I can configure virtual users in postfix, yet still have postfix perform mail relay?

To illustrate: I want postfix to reject all RCPT TO whose destination address is not part of a list, but if the destination address *is* part of the list, postfix should relay the mail to a final destination server.

Rgds,

