Creating an ISP web and mail server in your LAN

[SAngeli]

Hello,
at home I have in my LAN a Windows PC and a server I wish to use with ubuntu server. I have Internet connection (ADSL) provided by my Telco. I have few Static IPs but I use only one for my LAN; at present time I do not wish to use a static IP for my SMTP or web. I will ask and wish to learn after I practiced locally, first.

I wish to learn what do I need (and howto) in order to create a new server that would be similar to what I would get from any ISP when I choose to get VPS server for my webhosting site.

The reason for this is to learn how to setup, in the future, a proper VPS server and also to be able to locally practice how to develop websites with CMS, static sites and so on.

These are the services I am interested in:
- Web (LAMP) + MyphpAdmin;
- Mail (with spam, virus check, webmail);
- FTP service;
- Mail notification if something goes wrong on the system
- If possible a nice web interface that would help me manage the entire server (something like cpanel or DirectAdmin or whatever could be of help).

Here is my main concern:
I know that if I do not have a public IP for my SMTP I could have frame Relay issues and won't be able to use it. For this, I know, as an example, that Nas4Free is able to send emails without any issue and all this is done behind a firewall (like in my case). This could be an excellent way and I wish to learn how to do so.
Another alternative would be to set up my local system to use an existing mail service I have from one of my providers.

Can anyone please help me getting started?

Thank you,
Spiro

[TheFu]

Most hosting providers use CentOS for their hosts, not Ubuntu.
http://www.howtoforge.com/perfect-se...er-ispconfig-3

You can probably find an Ubuntu "Perfect Server" setup there too.
Please realize that Falco doesn't always make security the primary concern, so you will end up with a working "perfect server", but don't expect it to be highly secure.

Also, I'd like to point that that almost nobody - nobody - should still be using plain FTP anymore. sftp would be much better.

[LHammonds]

Are you planning on doing all of this on one server???

I would separate the services onto individual servers and depending on your solution, you might have to.

For example, if you went with Zimbra for your mail server, it would need to be dedicated since it has its own mysql and web service you shouldn't tinker with.

You can run Zimbra as your mail server for your LAN only and later make it accessible from the entire world. You can also make sending emails from your other servers go through it. (I used "sendemail" for my scripts and point it to my zimbra server).

LHammonds

[SAngeli]

TheFu Thank you for your precious info. FTP I agree with you to go with SFTP but being inside my LAN I was not concerned. Nevertheless, yes it should only be SFTP.

LHammonds Yes, I plan on doing all these with one server as this is for learning/testing and will host just a simple site for learning. Otherwise, no. I would not do so even if when you get a VPS one would be using only one server for all services.

I found the similar article for Ubuntu server on the same website.

As I do need to first of all use it locally, and as I know a little better and more about Ubuntu I believe it would be better to start with Ubuntu. Later on, if i will opt for a VPS I can replicate most of what I have learned with CentOS. Moreover, with ubuntu I do not have a GUI console and I can manage it all from SSH. With CentOS I have never learned how to replicate the GUI interface over the network (like remode desktop or similar).

I will study what each of those packages do but wish to ask, up front, these questions:

- running on my LAN will I still need all these packages, specifically BIND DNS Server
- would "PureFTPd" allow me SFTP or do I need to install another package rather than this one?
- with this system, will I be able to use SMTP without having the frame relay issue (this is my major convern)?
- Is there an alternative to WebMail package? I do not like a lot SquirrelMail.

thank you,
Spiro

[TheFu]

TheFu Thank you for your precious info. FTP I agree with you to go with SFTP but being inside my LAN I was not concerned. Nevertheless, yes it should only be SFTP.

The default openssh server supports scp and sftp.

LHammonds

Yes, I plan on doing all these with one server as this is for learning/testing and will host just a simple site for learning. Otherwise, no. I would not do so even if when you get a VPS one would be using only one server for all services.

Splitting these things up into different VMs would be better, unless you are trying to learn how $10/month VPS services or $5/month hosting providers work. Most of these, perhaps almost all, do not run email on the same boxes they allow webhosting on.

I found the similar article for Ubuntu server on the same website.

I hoped you would. Google is amazing.

As I do need to first of all use it locally, and as I know a little better and more about Ubuntu I believe it would be better to start with Ubuntu. Later on, if i will opt for a VPS I can replicate most of what I have learned with CentOS. Moreover, with ubuntu I do not have a GUI console and I can manage it all from SSH. With CentOS I have never learned how to replicate the GUI interface over the network (like remode desktop or similar).

Using a GUI is a bad idea for server management, IMHO. Even web-guis. They just add another level of access that hackers love. The shell/CLI commands between most Linux systems do not change much, if at all, but the GUIs change all the time - just look at Ubuntu's GUI.

I will study what each of those packages do but wish to ask, up front, these questions:
- running on my LAN will I still need all these packages, specifically BIND DNS Server
- would "PureFTPd" allow me SFTP or do I need to install another package rather than this one?
- with this system, will I be able to use SMTP without having the frame relay issue (this is my major convern)?
- Is there an alternative to WebMail package? I do not like a lot SquirrelMail.

What you need depends on your specific requirements. You may or may not need any specific package. There are 1000 ways to accomplish almost anything in Linux. For example, there are 3 very popular MTAs - sendmail, postfix, exim. They all do basically the same things, but each has a purpose and places where they are better than the others. YOU need to decide which based on your requirements.

Most popular FTPd-type servers have been hacked at least once in the last 5 yrs and had back doors inserted into the source code. Once the code was reviewed ... eventually, it was corrected, but some of the inserted code was active almost a year. IMHO, no FTP server is safe. NONE.

Use the openssh server and be done with it. OpenSSH has had security flaws too, which were discovered eventually and patched quickly.

The more services that you run, the more places for hackers to get inside your systems. It is very simple math.

Frame Relay is a WAN networking technique and has NOTHING to do with these things. Only hardcore telco routing people would care about that these days. It is very unlikely that your local ISP connection makes anything about frame relay known to your connection.

For finding alternative tools/software for anything - you should google {package vs} is a good google technique, check freshmeat.net, check for wikipedia comparison articles and create a list of potential options to research more closely. Each will have pros/cons. Google "squirrelmail vs" - what does that return?

I should point out that I've been running a Zimbra server with a few email front-end gateways for over 5 yrs. Prior to that, I was a pure postfix/courier admin. Zimbra provides enterprise calendaring - which is a feature that was required. If all you want is SMTPS and IMAPS (always use SSL/TLS versions), their is no need for Zimbra. I'll never go back to POP3. Not ever.

[SAngeli]

Hi TheFu,
Quite a lot of good info you provided me with. Thanks again.
A quick clarification (in case I made a mistake):
I recall in the past having installed a mail server and when I was sending mails to users most of the were not delivered because my SMPT was behind the firewall.
So, I was told not to use this system because outer providers when receiving mail will check on the sender SMTP. It was called frame relay.
Now I do not know if I missuse this term but the concept is this one.
Can you please clarify this for me.
As you noted this point is quite important to me.


Thank you,
Spiro

[TheFu]

Hi TheFu,
Quite a lot of good info you provided me with. Thanks again.
A quick clarification (in case I made a mistake):
I recall in the past having installed a mail server and when I was sending mails to users most of the were not delivered because my SMPT was behind the firewall.
So, I was told not to use this system because outer providers when receiving mail will check on the sender SMTP. It was called frame relay.
Now I do not know if I missuse this term but the concept is this one.
Can you please clarify this for me.
As you noted this point is quite important to me.

"Open Relay" is probably the term. Google it.

Firewalls can block anything. That doesn't mean they will. When I had a residential ISP, they didn't block anything except Windows file sharing for over a decade. In 2010, they finally started blocking email (SMTP). Initially, I paid for an email forwarding service, but after a few months, it was clear that other problems were happening on that connection, so my business pays for a business connection now that doesn't block anything. Plus I have multiple public, static IP addresses.

Residential ISPs usually block in/outbound SMTP (not SMPT) to prevent email spammers. here are ways around this using an external service, but many email server people, me included, block connections from residential ISP email servers to reduce spam.

You can send outbound email from Linux using sendmail, postfix, exim or any other SMTP MTAs using the ISP email gateway server(s), if you set it up correctly. They may or may not validate the claimed domain in the FROM address. For inbound email, you'll probably need a forwarding service ... or you could simply poll almost any email service external to your LAN using something like fetchmail.

Email can be really simple or extremely complex. What is required depends on your situation and how concerned about spam that you are.

I've written about these things on my blog, jdpfu.com

[lisati]

A basic email server can be done from a dynamic IP address, but as TheFu points out, many server people take steps to block direct connections from them, and ISPs often block SMTP connections that don't go through their own servers.

My suggestion is to start small, get the basic functionality right, adding bells and whistles as needed.

[SAngeli]

Hi,
I decided to reinstall my ubuntu server install (ver 12.10).
I installed LAMP and updated the entire system.
Now I have to decide what to install and setup for my Mail services.

I know I wish to send all mail and system mail through my ISP SMTP just like what nas4free as example does (simply being configured as if it is a mail client software). If my ISP bloks this, than I will use gmail. I do not know if I would also need to receive mail, when using/simulating web development with CMS.

What should I install and setup out of these three (sendmail, postfix, exim) that would allow me this and would well integrate with CMS (like Wordpress, Joomla, Drupal)?
Here is what I have already found: an Ubuntu article.

Please let me know.
Thank you,
Spiro

[TheFu]

Hi,
I decided to reinstall my ubuntu server install (ver 12.10).

12.10 has proven to be less-than stable for many, many, people, so if you do not have a specific need for 12.10, dropping back to 12.04 server is highly, highly recommended. You'll thank me.

I installed LAMP and updated the entire system.
Now I have to decide what to install and setup for my Mail services.

I've never actually used the "LAMP" install option. I prefer to install exactly the packages I want. Only the ssh-server gets installed during that process for my machines. Too many hidden details - I do not like.

I know I wish to send all mail and system mail through my ISP SMTP just like what nas4free as example does (simply being configured as if it is a mail client software). If my ISP bloks this, than I will use gmail. I do not know if I would also need to receive mail, when using/simulating web development with CMS.

Any MTA should work with any program on Linux that needs to send email. You probably want to do a little research.
* MTA
* SMTP
* IMAP
* POP3

These are the commonly used protocols and you can have 1, 2, or 3 different programs performing these duties. MTAs - Mail Transfer Agents - speak SMTP or SMTPS. Email clients speak SMTP when sending and either IMAP/IMAPS or POP3 or POP3S when receiving/reading email. That means that most people deploy an SMTP server AND another IMAP server.

What should I install and setup out of these three (sendmail, postfix, exim) that would allow me this and would well integrate with CMS (like Wordpress, Joomla, Drupal)?
Here is what I have already found: an Ubuntu article.

I like postfix, but other people will say to only use sendmail or exim. Sendmail can do anything, so it is extremely complicated to setup in a secure way. Postfix was designed to address 98% of what sendmail can do, but with 3x more security. Exim - I really don't have a clue about it. Sorry.

Any CMS will talk to any standards-based MTA. That is the beauty of standards, so it will not matter which MTA you choose.

I think I said this previously, maybe not. I use postfix and have used Courier for IMAP. If you run your own server there is little reason to use pop3. IMAP is so much nicer, especially when you have multiple clients like a smartphone, laptop, tablet, desktop, netbook ... having the exact same view for all email clients is very nice. These are all based on standards, so if any client says they support "IMAP" then you are golden. Every client supports SMTP, so that is not an issue. Be certain to use SSL/TLS for everything - this is not the default.

Code:

postconf -n

will be a very helpful command to get postfix configured properly. Please, please do not become an open-relay. If you are, you will be blocked by most spam-blocking black lists. Getting removed is very difficult.