Thanks for your replies.
Tried all those, could see nothing useful in logs to explain. Assumed there
was a problem with my keys so scrapped them and replaced with newly
generated. Even rebooted server. It has to be something really simple and
basic - but what - I don't know. So I'll just have to leave that for a while
and tighten everything else up.
I intend to change the ssh port.
So that's sshd_config change port 22 to the new number. iptables rule to
close 22 and open the new one. What I'd like to do is only open the new port
to traffic from my ip. But of course I have a dynamic ip from my isp so I
wonder if I set a sort of compromise rule. My current ip being
xxx.xxx.xxx.xxx (not being paranoid there - just I haven't checked it) so if
I set -s xxx.xxx.xxx.xxx/16 do you think that'd give me sufficient leeway?
I know I'm being a pain here, but after my failure with the ssh thing, I
would really welcome input. It is so easy to make a minor error which then
messes everything up. I have set up postfix and wondered why it suddenly
stopped sending me the log summaries from the logwatch cron job, then
realised I'd managed to set up an alias loop root>postmaster>root Doh!! I
thought I knew what I was doing with that!!!
--
Keith
The most dangerous strategy is to jump a chasm in two leaps.
www.westnorfolkrspca.org.uk
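
An added example, not part of the original post, for the source-range question above: it compares a /16 around the current address with the narrowest single range that still covers the addresses the ISP has actually handed out, and builds the matching iptables rules. The observed addresses and the port number 2222 are constructed assumptions.

```python
import ipaddress

# Constructed sample: addresses a dynamic-IP client was seen on over time.
# 198.18.0.0/15 is reserved for benchmarking, so these belong to no real host.
OBSERVED = ["198.18.4.17", "198.18.9.201", "198.18.14.66"]
SSH_PORT = 2222  # assumed replacement for port 22; the post does not name one


def narrowest_cover(addresses):
    """Smallest single IPv4 network that contains every address given."""
    if not addresses:
        raise ValueError("need at least one observed address")
    ips = [int(ipaddress.IPv4Address(a)) for a in addresses]
    lo, hi = min(ips), max(ips)
    # Bits above the highest differing bit are shared by lo, hi and
    # everything between them, so they form the common prefix.
    prefix_len = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix_len), strict=False)


def outside(candidate, addresses):
    """Observed addresses that a candidate -s range would lock out."""
    net = ipaddress.IPv4Network(candidate, strict=False)
    return [a for a in addresses if ipaddress.IPv4Address(a) not in net]


def ssh_rules(network, port):
    """ACCEPT from the range, then DROP everything else, for one TCP port."""
    return [
        f"iptables --append INPUT -p tcp -s {network} --dport {port} -j ACCEPT",
        f"iptables --append INPUT -p tcp --dport {port} -j DROP",
    ]


if __name__ == "__main__":
    wide = ipaddress.IPv4Network("198.18.4.17/16", strict=False)
    tight = narrowest_cover(OBSERVED)
    print(f"{wide}: {wide.num_addresses} sources allowed, "
          f"locked out: {outside(wide, OBSERVED)}")
    print(f"{tight}: {tight.num_addresses} sources allowed, "
          f"locked out: {outside(tight, OBSERVED)}")
    print("\n".join(ssh_rules(tight, SSH_PORT)))
```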
Forgot to say, I restarted sshd (/etc/init.d/ssh restart) before attempting
the log in
Should I have set UsePAM to no in the conf file as well? It occurs to me
that perhaps that might be pushing the password login.
Keith
--
Keith
The most dangerous strategy is to jump a chasm in two leaps.
www.westnorfolkrspca.org.uk
On 12/04/2010 16:58, Julian Templeman wrote:
>> Hi Julian,
>>
>> There are two components to a typical mail server.
[snip]
>> You will need both! As a stop-gap, typing 'mail' should allow you direct,
>> local access to the mail stored on the server without installing any
>> additional software such as dovecot.
>>
>> Hope this helps
>>
>> Tom
> OK, I'll take a look at dovecot. At the minute, 'mail' just tells me
> 'no new mail for julian', which isn't that helpful!
>
> jt
And you have configured exim to take mail sent to X@Y.com
and drop it in the mailbox for your user?
Tom
Thanks to the setup guide, I've got most of what I want working now,
but I'm a bit stumped about email. I see that exim seems to be running
in my Debian VPS, I've set up an MX record, and I can send mail to
myself without it bouncing. What I've no idea about is where it ends
up, and how to access it from a mailer like mutt or pine! If anyone
has any 'setup guide' type hints to getting basic email up and
working, I'd be very grateful.
julian
(playing with his server from Mumbai!)
--
Templeman Consulting Limited
IT Consulting and Training
A big Thank You to Paul, Mathew and Robert (who replied off-list).
Lots of extremely useful tips there - I must admit, it hadn't occurred to me
to set up a cron job to remove the rules after 5 minutes in case of
problems, and the startup script makes a lot of sense. Yes I did mean Secure
FTP so it will be using port 22, possibly one of the most targeted ports!
Are these posts archived? As there is so much useful info appearing here
that could help others new to Bitfolk
Keith
--
Keith
The most dangerous strategy is to jump a chasm in two leaps.
www.westnorfolkrspca.org.uk
Thank you for that, I found the firewall section very useful. I am new here,
having come from managed servers where all that was done for me, the only
time, before, that I had fiddled with iptables, I managed to lock myself out
completely! I need a little bit of advice. I have followed those
instructions and locked out all ipv6 and all ports except ssh. I now want to
open up port 80 for apache. I assume I just copy and edit the line from the
guide to read:
sudo iptables --append INPUT -p tcp --dport 80 -j ACCEPT
and then add that (obviously before the drop rule!). Uploading the site
files will be done through sftp, and that port is opened. What other ports
should I open? It is only going to be straight http not https and no
mailserver etc.
And if I may, one more question. I want to use public/private key login. I
read a really interesting article recently about using this with the private
key kept on a usb key for added security on a machine that others may use.
OTT for me, but do I edit the conf file for openssh to add the public key or
can I do it in the control panel (security tab). I know I could submit a
ticket to ask for it to be done, but would rather do everything myself
(that's how you learn)
Then it's just down to configuring apache and mysql, but I am a lot more
competent and confident about them
Thanks in advance
Keith Williams
--
Keith
The most dangerous strategy is to jump a chasm in two leaps.
www.westnorfolkrspca.org.uk
Maybe someone who knows more about apt-get than me can help...
I'm starting to install what I need into my new VPS (after following
Robert's very useful setup guide - thanks!) and added a backports
repository to the list. When I do an 'apt-get update', it tells me
that it has problems with a key:
W: GPG error: http://www.backports.org lenny-backports Release: The
following signatures couldn't be verified because the public key is
not available: NO_PUBKEY EA8E8B2116BA136C
And then says that 'You may want to run apt-get update to correct
these problems,' which seems a trifle circular, to say the least. A
search shows several suggested fixes for this, but the ones I've tried
(apt-key update) didn't have any effect. The ones I don't understand
at all, I haven't tried :-)
Any suggestions gratefully received!
julian
--
Templeman Consulting Limited
IT Consulting and Training
>
> I don't live in UK and I maybe want to stream BBC web streams over ssh.
>
> It was illegal before the law (te-hee), but now, according to the law, "ISPs
> that fail to apply technical measures against subscribers can be fined up to
> £250,000".
I am in the same position as you but do not think you are correct
about the current law. It is not and never has been illegal to stream
BBC content. It is against the BBC conditions. This makes it a civil
matter between the user and the BBC and not a criminal case.
On a practical note there is also the question of jurisdiction if it
becomes illegal. They would still have to take action in your country
of residence. I suspect the only realistic measure the BBC could take
is to demand that Bitfolk close the account or block the BBC. If this
were to happen Bitfolk would have little choice but to comply.
Steve
Hi John,
On Thu, April 8, 2010 8:18 am, john lewis wrote:
> I'd also like something included about using the spamd servers. My first
> attempt to use the service ended up in causing Andy lots of grief and I
> removed my settings and haven't attempted to use it since. I do get a
> fair amount of spam via my startx account so it would be nice to be able
> to prevent it getting downloaded with 'real' mail
I was planning on producing something of a 'HowTo' guide for using the
spamd servers, with a particular emphasis on integration with Postfix as I
see from the archives that the question has arisen a number of times.
Perhaps someone might be able to add the Exim approach if it is not
already covered elsewhere.
I had intended to also cover post-delivery filtering using Procmail i.e.
moving tagged spam to a user's dedicated Spam folder, deleting outright
anything that is so clearly spam it is not worth thinking about, etc.
I may try and push a draft out this weekend to see what the panel thinks.
Robert would be welcome to add it to his guide if deemed appropriate and
he/someone doesn't beat me to it.
Mathew
Hello,
Some people don't like that this list has no Reply-To: header
directed back at the list.
Whilst I believe the way it's set up is technically correct and is
what I personally prefer, I'm willing to go with whatever makes the
most people happy.
Here's a poll: http://doodle.com/bmfbsa3paah2w97a
If you care about how the list is set up, please take a moment to
submit that web form.
I'd prefer if only people who have ever actually posted to this list
participated.
And please no discussion on this matter on-list - I think everything
that's ever been said on the subject is contained in the two links
listed on the poll, and no one's mind is going to be changed. If you
absolutely must make a comment, there's a comment thing on the poll.
Thanks!
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
"I'd be happy to buy all variations of sex to ensure I got what I wanted."
-- Gary Coates (talking about cabling)