3.3. Defining custom chains

In order to get a easier to maintain iptables script, it is handy to define some custom chains, also called user-defined chains. This way, you can gather common actions into 1 chain, then, using our target switch (-j) we will be able to send packets that match specific rules to that target.
In order to create a user-defined chain, we need to use:

Read the rest of this entry »

3. Iptables Script

OK, now that we know the really basis, let see what the script is going to look like.

In this example, I assume that eth0 is the interface connected to the Internet, eth1 is the one connected to our local network.

Read the rest of this entry »

iptables is a command line tool which allow system administrators to configure Linux packet filtering ruleset.

Using iptables, you are able to tweak packet filtering, Network Address Translation (NAT) and packet mangling which in the end are going to allow you to secure your server, share your Internet connection and log unwanted traffic.

iptables is not really what we could call an easy to get with tool, but once you know the basis, it won’t be that scary .

This tutorial will provide a sample script you can use to share your Internet access and will give an overview on how to use iptables

Read the rest of this entry »

2. Setting up apache

Okie, now we are going to set up an apache virtual host called monitoring.example.com in order to be able to access our statistics through http://monitoring.example.com url.

To do so, you need to have a working apache server. If you do not yet. Please install apache with:

$sudo apt-get install apache2

Read the rest of this entry »

Munin is a simple to configure tool that make real nice graph about your server status. It can actually deal with almost any aspect of your server (load average, network cards status, CPU usage, memory usage, postfix, exim4, mysql …) without spending much time in configuring it.

Munin produce MRTG likes graph so you can easily see how your server health is going.

Read the rest of this entry »

4. Tweaking up Postgrey

4.1. Postgrey Configuration files

There is two main configuration files in /etc/postgrey: whitelist_clients and whitelist_recipients.

In whitelist_clients, you can define a list of mail server that you do not want to greylist. Either because there are hosts that you trust, or because there are host that it is an issue to greylist.
Client addresses can be specified as follow:

Read the rest of this entry »

Greylisting is yet another way for preventing your mailbox getting full of spam. A famous spam fighter software is spamassassin which filter emails. Greylisting won’t replace such softwares but it will behave as a powerful proactive barrier which will reduce the amount of spam getting through your mail server.

Read the rest of this entry »

3. Make Postfix call Spamassassin

Now, we need to tell postfix to use spamassassin. In our case, spamassassin will be invoked only once postfix has finished with the email.

Read the rest of this entry »

Postfix is a widely used mail transport agent (MTA) used on many popular Unix/Linux systems. Nowadays, networks are overwhelmed by SPAM mail, fortunately, there is a way to filter them with software such as spamassassin.

Read the rest of this entry »

In relation to a tutorial I previously made on how-to connect to a remote mysql server by forwarding port with ssh, I found out that some distributions like debian sarge where not using a default configuration that allow you to do that by default.
People who get an error like:

ERROR 2013 (HY000): Lost connection to MySQL server during query

or

channel 3: open failed: connect failed: Connection refused

might find an answer to their problem.
Read the rest of this entry »