Archive for August, 2007

My web site - 622 Part V . Running Servers You must

Tuesday, August 21st, 2007

You must be able to access the server from clients, although you may only need to do so from clients within your network. In either case, you should read over the information about DNS and A records in the previous section.

Common Packages

Two software packages will be used by both system configurations. You'll install these programs first so that they are (mostly) ready when the system is ready to use them.

- SpamAssassin (http://spamassassin.apache.org/) is a spam filtering program written in Perl. It uses a large set of rules to help determine how spammy a message looks and assigns a score based on the total of the rule values. For performance reasons, SpamAssassin uses a background daemon called spamd to perform message analysis. Access to this daemon is performed through the spamc client. A spamassassin command that performs the analysis without using spamd is also installed but is not used by either of the example configurations in this chapter.
- ClamAV (http://www.clamav.net) is an open source virus scanner that detects more than 20,000 viruses, worms, and Trojans. It uses a virus pattern database to identify viruses and includes a program named freshclam that handles updating the database automatically. Like SpamAssassin, ClamAV includes a daemon (clamd), a client (clamdscan), and a second command-line tool that does not use the daemon (clamscan). The daemon is used in the sendmail setup but is not used by the Postfix setup for logistical reasons.

You'll use APT to install these two programs, which are contained in the clamav and spamassassin packages:

    # apt-get install clamav spamassassin

Debconf will ask you several questions about the configuration for ClamAV:

- For the virus update method, select either Daemon or Cron. The former is best for most situations.
- Select the appropriate source for the virus database. The second part of the server name is the country code, so U.S. residents will want to select db.us.clamav.net.
- You may be prompted for HTTP proxy information. If you have a direct connection to the Internet, you probably don't need to enter anything here. If you're uncertain, you can ask your network administrator or the technical support at your ISP whether you need a proxy server to access Web pages.

Now that the system is prepared, you can proceed to the section containing the configuration that you have selected.

Chapter 24 . Running a Mail Server 621

Monday, August 20th, 2007

Once you have your A record, you can direct mail to your server using an MX (Mail eXchanger) record. The A and MX records do not need to be part of the same domain, which allows for much greater flexibility. Here is a sample MX record:

    widgets.test. IN MX 0 bigserver.example.org.

This MX record indicates that mail for (any address)@widgets.test should be sent through the server bigserver.example.org. The 0 indicates the numeric priority for this MX record. When more than one MX record exists for a given label, the MX with the lowest priority number is tried first. If a temporary error is encountered, the mail server with the next-highest priority number is tried, and so on until the list is exhausted. At that point the sending server will keep trying periodically until the message times out (generally five days). If multiple MX records exist with the same priority, they are tried in a random order.

Most mail servers will also fall back on the IP address listed in the A record for a label in the event that no MX records exist. However, it is considered bad practice to rely on this.

In some cases, it may be complicated to establish an A record because your IP address frequently changes. Obviously, this is not suitable for commercial purposes, but there is a workaround that is acceptably reliable for personal use. This is achieved through dynamic DNS services that are available (often at no charge) through a number of different companies. A list of these companies is maintained at http://dmoz.org/Computers/Software/Internet/Servers/Address_Management/Dynamic_DNS_Services/. Three of the most popular (in no particular order) are:

- DynDNS.org (http://dyndns.org/), supported by the ddclient or ipcheck packages
- ZoneEdit (http://zonedit.com/), supported by the ez-ipupdate package
- No-IP (http://no-ip.com/), supported by the no-ip package

The ez-ipupdate package supports all three of these, plus a number of others. View the package description (apt-cache search ez-ipupdate) for more information. Most of these services will provide you with a hostname under a shared domain at no charge and can also provide a similar service for your own domain for a reasonable fee.

Configuring for Retrieval from a Mail Host

The configuration requirements when retrieving mail from a mail host are pretty limited. Your server should be ready to accept mail addressed to localhost and should generally have a name that is unique to it. In the event that a message sent to one of your mailboxes is rejected, the server will need to have a valid host name by which to identify itself when sending out the DSN (Delivery Status Notification).
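The MX selection rules described earlier in this post can be modelled in a few lines of shell. This is an added example, not part of the original text: it reads zone-style records, groups the MX hosts for a domain into priority tiers in the order a sending server tries them, and falls back to the A record when no MX exists. The function name, the mx-a/mx-b hosts and the nomx.test label are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample records in the zone-file style used in the text.
SAMPLE_RECORDS='widgets.test.          IN MX 10 mx-b.example.net.
widgets.test.          IN MX 0  bigserver.example.org.
widgets.test.          IN MX 10 mx-a.example.net.
bigserver.example.org. IN A  1.2.18.12
nomx.test.             IN A  1.2.18.40'

# mx_delivery_order DOMAIN   (records are read from stdin)
# Prints one line per priority tier, lowest number first:
#   "<priority> <host> [<host> ...]"
# Hosts on the same line share a priority; a sender tries them in random order.
# If the domain has no MX record at all, prints "A <ip>" (the fallback case).
mx_delivery_order() {
    domain="${1%.}."          # normalise to a fully qualified label
    records=$(cat)

    tiers=$(printf '%s\n' "$records" |
        awk -v d="$domain" '
            { l = $1; if (l !~ /\.$/) l = l "." }
            l == d && $2 == "IN" && $3 == "MX" { print $4, $5 }' |
        LC_ALL=C sort -k1,1n -k2,2 |
        awk '
            NR == 1 || $1 != prev {      # a new priority value starts a new tier
                if (NR > 1) printf "\n"
                printf "%s", $1
                prev = $1
            }
            { printf " %s", $2 }
            END { if (NR > 0) printf "\n" }')

    if [ -n "$tiers" ]; then
        printf '%s\n' "$tiers"
    else
        # No MX records: fall back to the A record for the same label.
        printf '%s\n' "$records" |
            awk -v d="$domain" '
                { l = $1; if (l !~ /\.$/) l = l "." }
                l == d && $2 == "IN" && $3 == "A" { print "A", $4 }'
    fi
}

printf '%s\n' "$SAMPLE_RECORDS" | mx_delivery_order widgets.test
printf '%s\n' "$SAMPLE_RECORDS" | mx_delivery_order nomx.test
```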

Hosting web - 620 Part V . Running Servers Preparing Your

Sunday, August 19th, 2007

Preparing Your System

You will need a few common items for either configuration, starting with the proper hardware. A personal mail server can easily run on a Pentium-class computer, although you may notice occasional slowdowns while incoming messages are being scanned. Disk space requirements depend mostly on how much mail you want to have room for, so plan on having a few gigabytes for the operating system (which will leave you plenty of extra, just in case), plus the amount of mail you want to store.

The operating system should be installed with only the basic set of packages before you begin these examples. Some general information about the installation is provided in Chapter 9. Although the software described in this chapter works even if you aren't running Debian, the installation methods will not.

If you don't have a spare system to act as a dedicated mail server, you can still use it as your workstation, although this is obviously recommended only for personal use.

Network Configuration

Your network settings should also be properly configured before you begin installing the mail software. The exact requirements depend on the method by which mail will be delivered to your server:

- Direct delivery is the method used by most traditional mail servers. DNS records tell remote servers that any mail addressed to your domain should be sent to your server via SMTP.
- Retrieval from a mail host is also possible using an MRA (Mail Retrieval Agent) such as Fetchmail. This option can be used when you have a mailbox under a shared domain but want to access the mail on your own server.

This can also be done in combination with direct delivery if you have both your own domain and mailboxes under shared domains. Configuration of Fetchmail is explained in the "Configuring Mail Clients" section of this chapter.

Configuring for Direct Delivery

For direct delivery to function, the SMTP service (TCP port 25) must always be accessible to the outside world through a fixed name in DNS. This name will be in the form of an A (Address) record. A records allow DNS resolver processes to determine the IP address associated with a specific name and are used by most of the common protocols on the Internet. A typical DNS A record looks something like this:

    bigserver.example.org IN A 1.2.18.12

The first parameter, bigserver.example.org, is the label, and the second parameter is the class (IN for Internet, which is where most DNS records are found). The A indicates the type, and the final parameter is the IP address associated with the label.

Medical web site - Chapter 24 . Running a Mail Server 619

Saturday, August 18th, 2007

Server Configuration Options

This section examines two different server configurations. Both configurations provide the same basic features (mail delivery, complete with spam and virus filters) but do so in very different ways. Read the descriptions, decide which configuration is right for you, and then proceed to the "Preparing Your System" section for information about how your system should be configured before you begin the mail system installation.

The features available in these two configurations are a result of how they're being configured and not a result of a lack of features in either sendmail or Postfix. Both programs support nearly the same set of features. The choice of which to configure in what manner was completely arbitrary for the examples in this chapter, and the diversity is intended to help broaden your experience with mail systems.

The first configuration demonstrated is based on sendmail, which provides the MTA and MDA functions. Mail retrieval is provided by Qpopper using the POP3 protocol. Direct access to mailboxes is also available using Mutt. All content filtering (spam and virus) takes place before messages are accepted by the server. With the exception of the spam and virus filtering, this is a configuration that you will find on most traditional mail servers. This configuration is suitable for situations in which the following apply:

- Users will be downloading messages directly to their systems for viewing. Optionally, Mutt can be installed to allow users to check new messages through SSH (secure shell) connections when they are not at their workstation.
- Conditions (business or otherwise) require that the server administrator have the capability to control acceptable message content.

The second configuration is based on Postfix, which provides the MTA and remote MDA functions. Local MDA functions, including calls to the content filters and sorting, are provided by maildrop. Mail access is provided through the IMAP facilities in courier-imap. This configuration is suitable for situations in which the following apply:

- Messages may be left on the server to allow central backups.
- The capability to access all messages remotely is desirable.
- Individualized content filter settings are desirable.

This second option is great for home systems on broadband connections. As long as your Internet service provider will permit it, you can use your own mail server and get to your mail whether you're at home or away. If you do not have an always-on connection, you can still use this method to run a mail server that is accessible to machines within your own network.

618 Part V . Running Servers . SMTP The

Friday, August 17th, 2007

- SMTP: The Simple Mail Transfer Protocol is a network-based protocol that allows for transmission of messages between systems.
- Local IPC: Interprocess communications are often used instead of SMTP when transferring a message between programs within a system.

Upon receiving a message, the MTA places it in a queue to be processed by an MDA (Mail Delivery Agent). Mail Delivery Agents come in two varieties:

- Local MDAs, which deliver messages to mailboxes on the local server. Simple versions (such as sendmail's mail.local) copy messages directly to a specified mailbox, while complex implementations (such as procmail and maildrop) can alter messages or delivery parameters based on user-specified rules.
- Remote MDAs, which deliver messages over the network to remote servers. Full remote MDAs use DNS (the Domain Name System) to determine the mail exchanger hosts for recipient addresses and deliver to the best one available for each. Simple remote MDAs (sometimes also called "null clients") forward messages to a central server to continue the delivery process. Most remote MDAs are capable of either method and will act as configured by the administrator that performed the configuration.

You will often see the term MTA used in reference to the software that performs both MTA and MDA functions. This is a carry-over from older designs that did not separate the functions and is still fairly accurate given the fact that most mail server implementations include a minimum of an MTA, remote MDA, and basic local MDA.

When a message reaches its destination server, it is written to the user's mailbox by the local MDA. From that point, the message may be viewed by the user using one of three methods:

- Direct access to the mailbox: An MUA (Mail User Agent) with access to the mailbox file, directly or through a network file system, can read messages from the disk and display them for the user. This is generally a console or webmail application running on the server.
- Downloaded to a workstation for local viewing: Most mail users use POP3 (Post Office Protocol, version 3) to download messages to their local computers and view them in applications such as Evolution or Balsa. By default, messages are removed from the server during this process (similar to when you get your snail mail from the mailbox).
- Accessed interactively over the network: Most clients also support viewing messages while they are still on the server, through IMAP (Internet Message Access Protocol). Unlike POP3, this protocol enables users to access multiple folders on their servers and also allows them to access their messages from anywhere. However, this also creates a heavier burden on the server because it must process (and store) everything that the user decides to keep.

Most webmail applications use IMAP as their backend protocol for accessing mailboxes; this eliminates the need for direct access to the mail files and makes it easier to split functions between systems.

My web site - Running a Mail Server Electronic mail hardly requires

Thursday, August 16th, 2007

Chapter 24. Running a Mail Server

In This Chapter

- Understanding Internet e-mail
- Configuring your mail server
- Running sendmail
- Running Postfix
- Testing your mail server
- Configuring mail clients
- Securing communications

Electronic mail hardly requires introduction. Communications made through the original forms of e-mail helped shape the Internet. Widespread availability of access to e-mail and modern enhancements such as MIME (Multipurpose Internet Mail Extensions, which allow for inclusion of attachments and alternate message formats) have helped to make e-mail the most popular application on the Internet.

With a Linux system and a suitable Internet connection, you can easily set up your own mail server for personal or business use. This chapter presents two mail-system configurations, compares their features so that you can select the one that best suits your needs, and then guides you through the installation processes. In the final section, you learn how to secure network communications between clients and a Postfix-based server through the use of SSL/TLS (Secure Sockets Layer and Transport Layer Security protocols).

The examples in this chapter are based on a Debian GNU/Linux system. (See Chapter 9 for more information about Debian.) However, much of the knowledge you gain from setting up a mail server in Debian (such as the way you would configure a sendmail.mc file) applies to other Linux systems as well.

Internet E-Mail's Inner Workings

E-mail messages are generated either by an automated process, such as a form processor on a Web page or an automated notification system, or by an MUA (Mail User Agent) controlled by an end user. Messages are delivered through one of two methods to the software performing the MTA (Mail Transfer Agent) function on a server:

616 Part V . Running Servers This example

Wednesday, August 15th, 2007

This example uses a wildcard for the IP address in the VirtualHost declaration, which saves you from having to modify your configuration file in the event that your IP address changes but will also prevent you from having multiple SSL virtual hosts. In the event that you do need to support more than one SSL virtual host, replace * with the specific IP address that you assign to that host. See the "Troubleshooting" section earlier in the chapter for more information about the Listen directive.

A CA generally provides you with a certificate file to place in ca.crt and sometimes also provides you with a separate file that you will need to reference using a SSLCertificateChainFile directive. The mod_ssl package also includes an /etc/apache/ssl.crt/ca-bundle.crt, which contains the certificates from most of the well-known certificate authorities and can be referenced as long as the appropriate CA certificate is included. When running your own CA, point this directive to a file containing the public key from that CA. Omit this line when using a self-signed certificate.

3. Test the Apache configuration and then perform a full restart:

    # apachectl configtest
    Syntax OK.
    # apachectl stop
    # apachectl start

4. Browse to https://servername/ and verify the SSL configuration. When using a self-signed certificate, or one signed by a CA, you will be asked whether you want to accept the certificate.

Summary

Combining Linux with an Apache Web server, MySQL database, and PHP scripting content (referred to as a LAMP server) makes it possible for everyone to configure their own full-featured Web server. By following the instructions in this chapter, you learned how to set up Apache to do virtual hosting, add content to a MySQL database, and allow PHP scripting in the content on your server. For added security, this chapter described how to add your own certificates and troubleshoot problems that might arise with your server.

Shared web hosting - Chapter 23 . Running a Linux, Apache, MySQL,

Tuesday, August 14th, 2007

The Common Name should match the name that clients will use to access your server. Be sure to get the other details right if you plan to have the CSR signed by a third-party CA.

5. When using a third-party CA, submit the CSR to it and then place the certificate it provides you into /etc/apache/ssl.crt/server.crt (or a different file, as desired).

6. If you don't plan to have your certificate signed, or if you want to test your configuration, generate a self-signed certificate and save it in a file named server.crt:

    # cd ../ssl.crt/
    # openssl req -new -x509 -nodes -sha1 -days 365 -key ../ssl.key/server.key -out server.crt
    Country Name (2 letter code) [AU]:.
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:.
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:TEST USE ONLY
    Organizational Unit Name (eg, section) []:TEST USE ONLY
    Common Name (eg, YOUR name) []:secure.example.org
    Email Address []:dom@example.org

Configuring Apache to Support SSL/TLS

Once your keys have been generated, you will need to install the mod_ssl Apache module, which adds SSL/TLS support to Apache, and then configure it using the appropriate configuration directives. Here's how:

1. SSL and TLS support can be added to Apache by installing the mod_ssl package:

    # apt-get install libapache-mod-ssl
    # apache-modconf apache enable mod_ssl
    Replacing config file /etc/apache/modules.conf with new version

2. Add an SSL-enabled virtual host to your Apache configuration files. Using the earlier virtual host as an example, your configuration will look something like this:

    Listen *:443
    <VirtualHost *:443>
        ServerName secure.example.org
        DocumentRoot /home/username/public_html/
        User username
        Group groupname
        DirectoryIndex index.php index.html index.htm
        SSLEngine On
        SSLCertificateKeyFile /etc/apache/ssl.key/server.key
        SSLCertificateFile /etc/apache/ssl.crt/server.crt
        SSLCACertificateFile /etc/apache/ssl.crt/ca.crt
    </VirtualHost>
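The files named by SSLCertificateKeyFile and SSLCertificateFile must hold the same key pair, and a CSR sent to a CA must come from that key as well. The following is an added example, not part of the original text: it builds test material in a temporary directory and compares the RSA modulus of the key, CSR and certificate. The function names, the 2048-bit key size and the SHA-256 signature are choices of this example rather than the values used in the steps above.

```shell
#!/bin/sh
# Added example: check that an RSA key, CSR and certificate belong together.
# Works in a temporary directory; nothing under /etc/apache is touched.
# Function names and the 2048-bit / SHA-256 choices are assumptions of this example.

SUBJECT='/O=TEST USE ONLY/CN=secure.example.org'   # constructed test subject

# modulus_of KIND FILE: print "Modulus=<hex>" for a key, csr or cert file.
modulus_of() {
    case "$1" in
        key)  openssl rsa  -noout -modulus -in "$2" 2>/dev/null ;;
        csr)  openssl req  -noout -modulus -in "$2" 2>/dev/null ;;
        cert) openssl x509 -noout -modulus -in "$2" 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# files_match KEY CSR CERT: succeed only if all three carry the same modulus.
files_match() {
    k=$(modulus_of key  "$1") || return 2
    r=$(modulus_of csr  "$2") || return 2
    c=$(modulus_of cert "$3") || return 2
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# key_is_private FILE: succeed only if the mode is exactly 600 (rw-------).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# make_test_material DIR: key, CSR and self-signed certificate, following the
# same genrsa / req -new / req -new -x509 sequence as the procedure.
make_test_material() {
    ( umask 077 && openssl genrsa -out "$1/server.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "$SUBJECT" 2>/dev/null || return 1
    openssl req -new -x509 -sha256 -days 365 -key "$1/server.key" \
        -out "$1/server.crt" -subj "$SUBJECT" 2>/dev/null
}

# Demonstration: the matching set passes; the same CSR and certificate checked
# against an unrelated key are reported as a mismatch.
demo() {
    dir=$(mktemp -d) || return 1
    make_test_material "$dir" || { rm -rf "$dir"; return 1; }
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    for key in server.key other.key; do
        if files_match "$dir/$key" "$dir/server.csr" "$dir/server.crt"; then
            echo "$key: matches server.csr and server.crt"
        else
            echo "$key: MISMATCH, do not deploy this key with this certificate"
        fi
    done
    if key_is_private "$dir/server.key"; then
        echo "server.key: mode 600"
    fi
    rm -rf "$dir"
}

demo
```

The modulus comparison applies to RSA keys only, which is the key type the procedure generates.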

614 Part V . Running Servers The following

Monday, August 13th, 2007

The following procedure describes how to generate and use SSL keys with the LAMP server (running on a Debian GNU/Linux system) configured in this chapter. For a general discussion of SSL keys and procedures specific to Fedora and other Red Hat Linux systems, refer to Chapter 6.

Generating Your Keys

To begin setting up SSL, use the openssl command, which is part of the OpenSSL package, to generate your public and private key:

1. Use APT to verify that OpenSSL is installed. If it is not present, APT will download and install it automatically:

    # apt-get install openssl

2. Generate a 1024-bit RSA private key and save it to a file:

    # cd /etc/apache/ssl.key/
    # openssl genrsa -out server.key 1024
    # chmod 600 server.key

   You can use a filename other than server.key and should do so if you plan to have more than one SSL host on your machine (which requires more than one IP address). Just make sure you specify the correct filename in the Apache configuration later.

   In higher-security environments, it is a good idea to encrypt the key by adding the -des3 argument after the genrsa argument on the openssl command line:

    # openssl genrsa -des3 -out server.key 1024

3. You are asked for a passphrase, which will be needed every time you start Apache. Do not lose this passphrase because it cannot be easily recovered.

4. If you plan to have your certificate signed by a CA (including one that you run yourself), generate a public key and a certificate signing request (CSR):

    # cd ../ssl.csr/
    # openssl req -new -key ../ssl.key/server.key -out server.csr
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Washington
    Locality Name (eg, city) []:Bellingham
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company, LTD.
    Organizational Unit Name (eg, section) []:Network Operations
    Common Name (eg, YOUR name) []:secure.example.org
    Email Address []:dom@example.org
    Please enter the following extra attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Web hosting account - Chapter 23 . Running a Linux, Apache, MySQL,

Sunday, August 12th, 2007

During connection establishment between an SSL client and an SSL server, asymmetric (public key) cryptography is used to verify identities and establish the session parameters and the session key. A symmetric encryption algorithm, such as DES or RC4, is then used with the negotiated key to encrypt the data that are transmitted during the session. The use of asymmetric encryption during the handshaking phase allows safe communication without the use of a preshared key, and the symmetric encryption is faster and more practical for use on the session data.

In order for the client to verify the identity of the server, the server must have a previously generated private key, as well as a certificate containing the public key and information about the server. This certificate must be verifiable using a public key that is known to the client.

In some cases, the server also requires the client to present a certificate that it can verify. However, this is not commonly found on Web servers, except in high-security environments with smaller numbers of clients, where the management of certificates is more practical. More information about the SSL protocol can be found at http://developer.netscape.com/docs/manuals/security/sslin/contents.htm.

Certificates are generally digitally signed by a third-party certificate authority (CA) that has verified the identity of the requester and the validity of the request to have the certificate signed. In most cases, the CA is a company that has made arrangements with the Web browser vendor to have its own certificate installed and trusted by default client installations. The CA then charges the server operator for its services.

Commercial certificate authorities vary in price, features, and browser support, but remember that price is not always an indication of quality. Some common ones include InstantSSL (www.instantssl.com), Thawte (www.thawte.com), and VeriSign (www.verisign.com).

You also have the option of creating self-signed certificates, although these should only be used for testing or when a very small number of people will be accessing your server and you do not plan to have certificates on multiple machines. Directions for generating a self-signed certificate are included in the following section.

The last option is to run your own certificate authority. This is probably only practical if you have a small number of expected users and the means to distribute your CA certificate to them (including assisting them with installing it in their browsers). The process for creating a CA is too elaborate to cover in this book but is a worthwhile alternative to generating self-signed certificates. Guides on running your own CA can be found at these sites:

- http://pseudonym.org/ssl/ssl_cook.html
- http://sial.org/howto/openssl/ca/