World: r3wp

[Linux] group for linux REBOL users

Simply put - starting "saslauthd -a shadow" daemon, then uncommenting 
2-3 lines in sendmail.mc, restarting sendmail, and voila, it was 
done ...
Thinking about providing my brother with some webmail option on my 
Linux server. In the past, I used simple Squirrel mail. Then I know 
some ppl do use Horde. Now my friend suggested me a Zimbra. Isn't 
Zimbra a little bit too much for just an occasional web option to 
pop3 account?
or would you move email out from your server to gmail? Does it allow 
you to host your domain?
Zimbra is overkill
I thought so - more a groupware than a simple webmail interface to 
email, right? Most of us use Thunderbird anyway, so ...
squirrel is fine .
What ftp server do you use?
under windows FileZilla, xlightftpd ...
you mean vsftpd?
ah, probably yes ... but I use old fedora, dunno if new distros use 
it still, or if it got replaced by some better/different system ...
does anyone have any idea why is this happening to me.. I setup iptables 
firewall and now my rebol send method (to SMTP on some completely 
other server) doesn't work any more..
setup file is like this: 
# iptables example configuration script 
# Let's not lock ourselves out of the server
 iptables -P INPUT ACCEPT
# Flush all current rules from iptables
 iptables -F
# Allow SSH connections on tcp port 22
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow HTTP connections on tcp port 80
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Set default policies for INPUT, FORWARD and OUTPUT chains
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
# Set access for localhost
 iptables -A INPUT -i lo -j ACCEPT
# Accept packets belonging to established and related connections
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save settings
 /sbin/service iptables save
# List rules
 iptables -L -v
it doesn't work unless I put input on ACCEPT again (  iptables -P 
does the sending of email through external smtp require that the 
server also accepts some connection? Could it be that the delay with 
iptables is too long somehow .. I notice that ssh login works visibly 
slower when setup
what is additionally strange is that on the other VPS where I have 
the same iptables setup this works
sending email works
I tried from console too .. if firewall is all on ACCEPT it works 
.. if not this happens : 

>> send [janko-:-itm-:-gmail-:-com] "asasd asd a"                        
               Net-log: ["Opening" "tcp" "for" "esmtp"]
connecting to: secure.emailsrvr.com
** Access Error: Cannot connect to secure.emailsrvr.com
** Where: open-proto
** Near: smtp-port: open [scheme: 'esmtp]
either only
does a direct tcp connection on port 25 work?
Try adding :  iptables -A OUTPUT -i lo -j ACCEPT
On second thought, that wouldn't help. Try adding a few -j LOG rules 
to help debug.
Tested your rules here on Linux, works ok.
I can connect to remote server on port 25.
Check your DNS config and test your accesses with telnet.
Thanks for help Graham and Doc .. I wanted to reply multiple times 
but altme didn't want to accept my text and it was disconnecting 
It took me half of day of looking but I think I am close to it now.. 
when I run the script I get 

iptables: No chain/target/match by that name

and it's related to this line:

 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

after much digging it currently looks like the vps is missing 
"state" kernel module which is given there by -m "meaning match" 
.. I just wrote the vps host computer admin and I hope he will be 
able to enable it
you should be able to load the module yourself with modprobe etc. 
(and it's strange iptables doesn't load it automatically, i thought 
it did)
anyway... i'd recommend using something like Shorewall instead of 
coding your iptables manually. (i used to code iptables manually 
many years ago...)
(it takes some time to configure, but iptables takes some time to 
configure as well)
modprobe gives me the following error: 

FATAL: Could not load /lib/modules/2.6.24-2-pve/modules.dep: No such 
file or directory

I looked and it seems that VPS container can't access kernel modules 
.. I am still waiting for administrator because there was some linux 
conf two days now.. he should fix it today ... 

I will check out shorewall .. I need quite simple configuration , 
no forwarding, just close everything and lock ssh to some static 
ShoreWall, MonoWall ... and the winner is - Mikrotik :-)
Petr, I'm not sure why someone would want a non-standard, hard to 
use shell over Linux, but, ok... :P
Gabriele - because Linux sucks. Because if it would be easy, Janko 
would not post his questions here. I use REBOL, because it provides 
me with simplicity to what I need to do. I use Mikrotik, because 
it is absolutely best low-cost FW/shaper/whatever, used by 90% small 
how is mikrotik easier than the above, given that they don't even 
have complete documentation on their side?
it's much harder to figure out than iptables, you can find MILLIONS 
of hits on google about iptables
Gabriele - you should know what you are talking about, no? I use 
MT for 3 years, and the docs are there, there is a forum, there is 
a wiki. It allows so much complicated stuff like traffic bonding, 
easy scheduling/shaping, mangling, scripting, virtual interfaces, 
dynamic lists, etc.  that it is not even funny to compare it to bare-bones 
Linux ....
Simply put - our example - small to middle network, 600+ wi-fi users, 
50+ MT nodes, which even lamers like me and my brother can properly 
build. Would we be possible to make it using bare-bones Linux? Absolutely 
not. Your reaction is imo typical example of why Linux fails in the 
long run. PPl want easy solution, not guru stuff.
so, what the hell has that to do with Janko's problem (a firewall 
for his server)?
can you explain me why mikrotik supports openvpn but *only* on tcp 
and not udp? that makes no sense at all.
It might have nothing to do with Janko's problem. But - I saw you 
suggesting him ShoreWall, and in that regard I did mention Mikrotik, 
because I have experience with it, and simply put - nearly all WISP 
are using it, and that means something. Some ppl do replace Cisco's 
with it. The system is no-brainer - just insert CF with MT, boot, 
and there you go. If some node dies, you can replace it in 10 minutes, 
no virtualisation or advanced technique used, just its clever design. 
Besides that - MT is still Linux underneath ...
I find using plain linux for FW/GW purposes only as extremely bad 
idea nowadays. Of course, if your server does provide you with services 
as webhosting, then Linux is preferred.
As for OpenVPN - I don't know - it is kind of "recent" addition, 
as community screamed for it. There is l2tp, pptp, ppoe and I use 
simple pptp ....
I can give anyone demo access to my central router, to look around. 
My opinion simply is, that some things don't need to be entirely 
free, in order to be considered. And something like 30-40 USD is 
cool price ...
I lost the messages i was typing to you yesterday, and you know why? 
My internet connection does not work. Guess what is my ISP? One of 
those WISP that uses mikrotik for everything. Yes, I guess that means 
something. It means that incompetent people just damage other people's 
the issue is not whether it's free or not. the issue is that they 
are REMOVING features for no reason at all. Why not just add their 
own windows UI (that of course it's only for windows! they could 
not do like anyone else and make a web interface that works everywhere...) 
on top of a custom linux distribution that ALSO gives you the ability 
to do whatever you want with it IF you know how?
My router is a debian lenny box. I'm so much happier now that the 
mikrotik router in the antenna is just acting as a bridge and I don't 
even know it's there. less crap to learn and worry about...
i will never understand why you guys always want to make things more 
COMPLEX instead of making them SIMPLER. place RESTRICTIONS instead 
of enabling FREEDOM. i just don't get it. it's extremely frustrating 
for me.
go read Carl's blog again about people not having a clue about the 
business they run. go read Chuck Moore's interview that says the 
same thing (complexity means that we are doomed). I can't understand 
why only so few people on this planet get it - how can everyone else 
think that more complex is better...
Gabriele - after reading your messages, I have to say one thing - 
I always have great respect for you and for your knowledge, especially 
in regards to REBOL. But your last remarks are so completely off, 
that I really wish you don't mean it for real.