DOCSLIB.ORG

Qmail Installation Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Qmail Installation Guide qmail installation guide Mark Pustjens The Mindlab Hosting 3rd September 2004 qmail installation guide an extensive guide to setup a complete qmail based MDA Mark Pustjens 3rd September 2004 List of adresses Mark Pustjens C. de Houtmanstraat 18 6045 HP Roermond 06-50412316 email: [email protected] The Mindlab Hosting Mestreech 1234 ab I Preamble This guide will describe howto install a qmail based email server, com- plete with virtual domains, pop3, imap, spamassasin and mailinglist (for now). You should be able to use this guide with OpenBSD, FreeBSD and Redhat Linux. II Contents List of Tables VII 1 TODO 1 2 Preparations 2 2.1 Conventions . 2 2.2 Hardware requirements . 2 2.3 Software requirements . 2 2.3.1 Linux . 3 2.3.2 OpenBSD . 3 2.4 Software you need . 3 2.4.1 qmail 1.03 . 3 2.4.2 ucspi-tcp 0.88 . 4 2.4.3 ucspi-ssl 0.68 . 4 2.4.4 daemontools 0.76 . 4 2.4.5 vpopmail 5.4.5 . 4 2.4.6 Courier-IMAP 3.0.7 . 4 2.4.7 Procmail 3.22 . 5 2.4.8 Spamassassin 3.00 . 5 3 Installing the core packages: qmail, ucspi-tcp and daemon- tools 6 3.1 Obtaining the source . 6 3.2 Installing ucspi-tcp . 6 3.2.1 Compiling . 6 3.3 Installing daemontools . 7 3.3.1 Compiling . 7 3.3.2 Installing . 8 3.4 Some notes on daemontools . 10 3.4.1 supervise . 10 3.4.2 softlimit . 10 3.4.3 svc . 11 3.5 Compiling and Installing qmail . 11 III 3.5.1 Compiling . 11 3.5.2 Installing . 12 3.6 Replacing the old MTA . 17 3.7 Testing what we have . 18 3.7.1 Checking the daemons . 18 3.7.2 Sending test messages . 19 3.8 Conclusion . 24 4 Adding services 25 4.1 Overview . 25 4.2 Vpopmail . 25 4.2.1 Compiling and installing vpopmail . 25 4.2.2 Configuring vpopmail . 27 4.2.3 Testing vpopmail . 28 4.2.4 Creating the localhost as virtual domain . 28 4.3 Pop3 . 29 4.3.1 Service scripts . 29 4.3.2 Testing the pop3 server . 29 4.4 IMAP . 30 4.4.1 Compiling Courier-IMAP . 30 4.4.2 Configuring Courier-IMAP . 32 4.5 Conclusion . 34 5 Securing services 35 5.1 Overview . 35 5.2 Certificates . 35 5.3 Installing ucspi-ssl . 36 5.3.1 Compiling . 36 5.3.2 Installing . 37 5.4 Securing SMTP . 37 5.4.1 Receiving messages, qmail-smtpd . 37 5.4.2 Sending messages, qmail-remote . 43 5.5 Securing Pop3 . 44 5.5.1 Configuring POP3 over SSL . 44 5.5.2 Testing POP3 over SSL . 44 5.6 Securing IMAP . 45 5.6.1 Configuring IMAP over SSL . 45 5.6.2 Testing IMAP over SSL . 45 5.7 Conclusion . 46 6 Mail Filtering 47 6.1 Procmail . 47 6.1.1 Installing . 47 6.1.2 Global Filter . 48 IV 6.1.3 Testing the filter . 49 6.2 Basic Spamassassin Filter . 50 6.2.1 Installing . 51 6.2.2 configuring spamd . 53 6.2.3 Adding spamc to the mail delivery process . 55 6.2.4 Testing Spamassassin . 55 6.3 Conclusion . 56 Bibliography I A OpenBSD fstab II B svscanboot III C /var/qmail/rc IV D /var/qmail/bin/qmailctl V E qmail service scripts, qmail-smtpd and qmail-send XII E.1 /var/qmail/supervise/qmail-send/run . XII E.2 /var/qmail/supervise/qmail-send/log/run . XII E.3 /var/qmail/supervise/qmail-smtpd/run . XII E.4 /var/qmail/supervise/qmail-smtpd/log/run . XIII F vpopmail.mysql XIV G vlimits.default XV H qmail service scripts, qmail-pop3d XVII H.1 /var/qmail/supervise/qmail-pop3d/run . XVII H.2 /var/qmail/supervise/qmail-pop3d/log/run . XVII I qmail service scripts, courier-imapd XVIII I.1 /var/courier-imap/supervise/courier-imapd/run . XVIII I.2 /var/courier-imap/supervise/courier-imapd/log/run . XVIII J SMTP AUTH Extension example XIX K qmail service scripts, qmail-smtpsd XXI K.1 /var/qmail/supervise/qmail-smtpsd/run . XXI K.2 /var/qmail/supervise/qmail-smtpsd/log/run . XXI L qmail service scripts, qmail-pop3sd XXII L.1 /var/qmail/supervise/qmail-pop3sd/run . XXII L.2 /var/qmail/supervise/qmail-pop3sd/log/run . XXII V M qmail service scripts, courier-imapsd XXIII M.1 /var/courier-imap/supervise/courier-imapsd/run . XXIII M.2 /var/courier-imap/supervise/courier-imapsd/log/run . XXIII N mail filter scripts XXIV N.1 procmailrc . XXIV N.2 qmail-users . XXVI N.3 qmail-procmail . XXVI O spamassassin service script, spamd XXVII O.1 /var/spamassassin/supervice/spamd/run . XXVII O.2 /var/spamassassin/supervice/spamd/log/run . XXVIII P Installing DBD::mysql using CPAN XXIX Q Spamassassin configuration file XXX R spamassassin procmail recipe XXXIII VI List of Tables 3.1 qmail groups . 12 3.2 qmail users . 13 VII Chapter 1 TODO This is a list of TODO items. You’ll also find TODO items throughout this manual. • qmail-smtpd: tcpserver realblacklist? rblsmtpd (ucspi-tcp). dit moet aan want skip rbl checks in spamassassin staat uit • /var/qmail/queue on seperate filesystem with small blocksize and no softupdates • max DATABYTES to limit email size, man qmail-smtpd • systeem aliassen naar mailinglist sturen. • qmail linken met lib syncdir, of patchen met de fsync patch, qmail wordt veiliger op een fs met soft updates. • script maken om logs makkelijk te bekijken • !!! qmail-maildir++ patch !!! • qmail-remote in ssl wrappen mbv script. als geen ssl beschikbaar is automatische fallback naar gewoon smtp • STARTTLS hoeft niet gebruikt te worden als smtp ook in ssl gewrapped word, dit is dubbelop • vermelden de de source bewaard MOET blijven na het installeren. • tcpserver-mysql patch gebruiken? hiermee kunnen de access databases in mysql gezet worden. Of alleen de access db voor smtpd? • andere database naam voor alle tabellen • qqtool voor queue management. 1 Chapter 2 Preparations 2.1 Conventions Do to the nature of what we are about to do, you should use extreme care with any command you use. Also, in this document we assume you will be using a test server, this reduces any risk to zero if you make any mistake. 2.2 Hardware requirements Qmail is able to run on almost all kinds of hardware, provided a UNIX OS runs on it. 2.3 Software requirements Your system must meet the following requirements. • Qmail is designed to run on any Unix or Unix-like operating system. Qmail’s licence requires it to distributed in source format which means you need a standard C compiler. • Storage space is no longer a problem on modern systems. You’ll need at least 30 to 40 Megabytes of space for the sources and just a little more for building the sources. • A running mySQL server. Although this is not needed for qmail itself, the IMAP server and virtual domains support package we will install do need this. • To be able to use the security features you need an openssl compatible SSL library. Although not necessairy, the following is recommended. 2 CHAPTER 2. PREPARATIONS 3 • Qmail was designed for highly connected systems. Although there are solutions for systems with low availability of an internet connection, a stable connection is recommended. • The filesystem should perform link() calls synchronously. This will prevent loss of email on a system failure, as all data is immidiately written to the disk without delay. • I possible, a seperate filesystem for qmail’s queue and mailstore. This filesystem should be equiped with a small blocksize1. This filesystem should also have a large amount of inodes, increasing the amount of files which can be stored on the filesystem. 2.3.1 Linux If you are using a seperate filesystem for the queue and mailstore, you can speed up disk access a bit by using the following mount options for that filesystem: • noatime; do not update access times. • sync; no caching, this not needed with the syncdir library, reduces performance 2.3.2 OpenBSD If you are planning to install qmail on a system running OpenBSD 3.2 and higher, you need to disable the “nosuid” mount option for the filesystem on which qmail will reside. You can remove this option by editing /etc/fstab. An example is provided in appendix A. 2.4 Software you need The following software packages are used in this guide. 2.4.1 qmail 1.03 Qmail is the set of applications which together make up the mail server. Besides the main qmail package we will need some patches to extend and fix various parts of qmail. • qmail-queue patch • sendmail -f flag patch 1Email files are typically very small. With a small blocksize less space is wasted. CHAPTER 2. PREPARATIONS 4 • qmail 0.0.0.0 patch • qmail-local patch • qmail glibc errno patch • qmail identity = netqmail patch • qmail 64bit compatibility patch • qmail-smtpd patch • qmail AUTH and STARTTLS patch Most of those patches are distributed together with qmail in the netqmail distribution[2]. The instructions in this manual are based on the netqmail distribution. 2.4.2 ucspi-tcp 0.88 This package contains serveral utilities to modularize a tcp server/client environment. 2.4.3 ucspi-ssl 0.68 This package contains SSL enabled versions of the programs in the ucspi-tcp package. We will use those programs to setup SSL wrapped version of the services. 2.4.4 daemontools 0.76 Daemontools is a set of applications to manage services, or daemons.
Load more

Recommended publications
  • Analysis and Performance Optimization of E-Mail Server
    Analysis and Performance Optimization of E-mail Server Disserta¸c~aoapresentada ao Instituto Polit´ecnicode Bragan¸capara cumprimento dos requisitos necess´arios `aobten¸c~aodo grau de Mestre em Sistemas de Informa¸c~ao,sob a supervis~aode Prof. Dr. Rui Pedro Lopes. Eduardo Manuel Mendes Costa Outubro 2010 Preface The e-mail service is increasingly important for organizations and their employees. As such, it requires constant monitoring to solve any performance issues and to maintain an adequate level of service. To cope with the increase of traffic as well as the dimension of organizations, several architectures have been evolving, such as cluster or cloud computing, promising new paradigms of service delivery, which can possibility solve many current problems such as scalability, increased storage and processing capacity, greater rationalization of resources, cost reduction, and increase in performance. However, it is necessary to check whether they are suitable to receive e-mail servers, and as such the purpose of this dissertation will concentrate on evaluating the performance of e-mail servers, in different hosting architectures. Beyond computing platforms, was also analze different server applications. They will be tested to determine which combinations of computer platforms and applications obtained better performances for the SMTP, POP3 and IMAP services. The tests are performed by measuring the number of sessions per ammount of time, in several test scenarios. This dissertation should be of interest for all system administrators of public and private organizations that are considering implementing enterprise wide e-mail services. i Acknowledgments This work would not be complete without thanking all who helped me directly or indirectly to complete it.
    [Show full text]
  • Linux E-Mail Set Up, Maintain, and Secure a Small Office E-Mail Server
    Linux E-mail Set up, maintain, and secure a small office e-mail server Ian Haycox Alistair McDonald Magnus Bäck Ralf Hildebrandt Patrick Ben Koetter David Rusenko Carl Taylor BIRMINGHAM - MUMBAI This material is copyright and is licensed for the sole use by Jillian Fraser on 20th November 2009 111 Sutter Street, Suite 1800, San Francisco, , 94104 Linux E-mail Set up, maintain, and secure a small office e-mail server Copyright © 2009 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: June 2005 Second edition: November 2009 Production Reference: 1051109 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847198-64-8 www.packtpub.com
    [Show full text]
  • The Qmail Handbook by Dave Sill ISBN:1893115402 Apress 2002 (492 Pages)
    < Free Open Study > The qmail Handbook by Dave Sill ISBN:1893115402 Apress 2002 (492 pages) This guide begins with a discussion of qmail s history, architecture and features, and then goes into a thorough investigation of the installation and configuration process. Table of Contents The qmail Handbook Introduction Ch apt - Introducing qmail er 1 Ch apt - Installing qmail er 2 Ch apt - Configuring qmail: The Basics er 3 Ch apt - Using qmail er 4 Ch apt - Managing qmail er 5 Ch apt - Troubleshooting qmail er 6 Ch apt - Configuring qmail: Advanced Options er 7 Ch apt - Controlling Junk Mail er 8 Ch apt - Managing Mailing Lists er 9 Ch apt - Serving Mailboxes er 10 Ch apt - Hosting Virtual Domain and Users er 11 Ch apt - Understanding Advanced Topics er 12 Ap pe ndi - How qmail Works x A Ap pe ndi - Related Packages x B Ap pe ndi - How Internet Mail Works x C Ap pe ndi - qmail Features x D Ap pe - Error Messages ndi x E Ap pe - Gotchas ndi x F Index List of Figures List of Tables List of Listings < Free Open Study > < Free Open Study > Back Cover • Provides thorough instruction for installing, configuring, and optimizing qmail • Includes coverage of secure networking, troubleshooting issues, and mailing list administration • Covers what system administrators want to know by concentrating on qmail issues relevant to daily operation • Includes instructions on how to filter spam before it reaches the client The qmail Handbook will guide system and mail administrators of all skill levels through installing, configuring, and maintaining the qmail server.
    [Show full text]
  • Domain Name Systems-Based Electronic Mail Security
    DRAFT NIST CYBERSECURITY PRACTICE GUIDE DOMAIN NAME SYSTEMS-BASED ELECTRONIC MAIL SECURITY How-To Guides For Security Engineers Scott Rose William Barker Santos Jha Chinedum Irrechukwu Karen Waltermire NIST SPECIAL PUBLICATION 1800-6C DRAFT NIST Special Publication 1800-6C NIST Cybersecurity Practice Guide DOMAIN NAME SYSTEMS- BASED ELECTRONIC MAIL SECURITY 1800-6C Scott Rose How-To Guides Information Technology Laboratory For Security Engineers National Institute of Standards and Technology William C. Barker Dakota Consulting Silver Spring, MD Santos Jha Chinedum Irrechukwu The MITRE Corporation McLean, VA Karen Waltermire National Cybersecurity Center of Excellence National Institute of Standards and Technology November 2016 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director DRAFT DISCLAIMER Certain commercial entities, equipment, products, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose. National Institute of Standards and Technology Special Publication 1800-6C Natl Inst. Stand. Technol. Spec. Publ. 1800-6C, 144 pages (November 2016) CODEN: NSPUE2 Organizations are encouraged to review all draft publications during
    [Show full text]
  • Wazuh Ruleset
    [email protected] https://wazuh.com Wazuh Ruleset Rule Description Source Updated by Wazuh apache Apache is the world's most used web server software. Out of the box ✔ AppArmor is a Linux kernel security module that allows the system administrator to restrict programs's capabilities with per -program apparmor Out of the box ✔ profiles. arpwatch ARPWatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Out of the box ✔ asterisk Asterisk is a software implementation of a telephone private branch exchange (PBX). Out of the box ✔ attack_rules.xml Signatures of different attacks detected by Wazuh Out of the box ✔ cimserver Compaq Insight Manager Server Out of the box ✔ cisco-ios Cisco IOS is a software used on most Cisco Systems routers and current Cisco network switches. Out of the box ✔ Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious clam_av software. Out of the box ✔ courier IMAP/POP3 server Out of the box ✔ dovecot Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Out of the box ✔ Dropbear is a software package that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard dropbear OpenSSH for environments with low memory and processor resources, such as embedded systems. Out of the box ✔ FirewallD provides a dynamically managed firewall with support for network/firewall zones to define the trust level of networ k firewalld connections or interfaces.
    [Show full text]
  • Make QMAIL with Vpopmail Vchkpw, Courier-Authlib and Courier-Imap Auth Work Without Mysql on Debian Linux Qmailrocks Thibs Install
    Walking in Light with Christ - Faith, Computing, Diary Articles & tips and tricks on GNU/Linux, FreeBSD, Windows, mobile phone articles, religious related texts http://www.pc-freak.net/blog Make QMAIL with vpopmail vchkpw, courier-authlib and courier-imap auth work without MySQL on Debian Linux qmailrocks Thibs install Author : admin Recently installed a new QMAIL, following mostly Thibs Qmailrocks install guide. I didn't followed literally Thibs good guide, cause in his guide in few of the sections like Install Vpopmail he recommends using MySQL as a Backend to store Vpopmail email data and passwords; I prefer storing all vpopmail data on the file system as I believe it is much better especially for tiny QMAIL mail servers with less than 500 mail box accounts. In this little article I will explain, how I made Vpopmail courier-authlib and courier-imap play nice together without storing data in SQL backend. 1. Compile vpopmail with file system data storage support So here is how I managed to make vpopmail + courier-authlib + courier-imap, work well together: First its necessery to compile Vpopmailin store all its users data and mail data on file system. For this in Thibs Vpopmail Intsall step compiled Vpopmail without support for MySQL, e.g. instead of using his pointed compile time ./configure, arguments I used: # cd /downloads/vpopmail-5.4.33 # ./configure \ --enable-qmaildir=/var/qmail/ \ --enable-qmail-newu=/var/qmail/bin/qmail-newu \ --enable-qmail-inject=/var/qmail/bin/qmail-inject \ --enable-qmail-newmrh=/var/qmail/bin/qmail-newmrh \ --enable-tcprules-prog=/usr/bin/tcprules \ --enable-tcpserver-file=/etc/tcp.smtp \ --enable-clear-passwd \ 1 / 7 Walking in Light with Christ - Faith, Computing, Diary Articles & tips and tricks on GNU/Linux, FreeBSD, Windows, mobile phone articles, religious related texts http://www.pc-freak.net/blog --enable-many-domains \ --enable-qmail-ext \ --enable-logging=y \ --enable-auth-logging \ --enable-libdir=/usr/lib/ \ --disable-roaming-users \ --disable-passwd \ --enable-domainquotas \ --enable-roaming-users ...
    [Show full text]
  • Qmail Quickstarter: Install, Set up and Run Your Own Email Server
    Qmail Quickstarter Install, Set Up, and Run your own Email Server A fast-paced and easy-to-follow, step-by-step guide that gets you up and running quickly Kyle Wheeler BIRMINGHAM - MUMBAI Qmail Quickstarter Install, Set Up, and Run your own Email Server Copyright © 2007 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: June 2007 Production Reference: 1040607 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847191-15-1 www.packtpub.com Cover Image by Vinayak Chittar ([email protected]) [ FM- ] Credits Author Editorial Manager Kyle Wheeler Dipali Chittar Reviewer Project Coordinator Russell Nelson Abhijeet Deobhakta Development Editor Indexer Nanda Padmanabhan Bhushan Pangaonkar Assistant Development Editor Proofreader Rashmi Phadnis Chris Smith Technical Editor Production Coordinator Saurabh Singh Manjiri Nadkarni Code Testing Cover Designer Ankur Shah Manjiri Nadkarni Project Manager Patricia Weir [ FM- ] About the Author Kyle Wheeler is a PhD candidate at the University of Notre Dame in the Computer Science and Engineering Department.
    [Show full text]
  • Network Security & Auditing BSD Magazine
    CONTENTS Dear Readers, The January issue opens another year with BSD Magazine. We hope you enjoyed the last few. We start with a second part of our new light-hearted and non- Editor in Chief: technical column. Its aim is not to learn but to entertain and to Ewa Dudzic [email protected] inspire some reflection and (maybe) action. In Developers Corner Dru Lavigne reviewed the 2012 of BSD. Supportive Editor Read it to recall the most important events, publications and Patrycja Przybyłowicz releases of the last year. [email protected] This time the flag article is about panoramic photography. You Contributing: will have an opportunity to try it out with tools available under a Dru Lavigne, Rob Somerville, Luca Ferrari, William Olson, BSD or any Unix like system, using only free open source software. Carlos E. G. Carvalho In the ‘How To’ section you have a chance to read another part Top Betatesters & Proofreaders: of PostgreSQL series about users and permissions managements. Barry Grumbine, Darren Pilgrim, Eric Geissinger, From the tutorials you will also learn how to ignore spam in Henrik Andersén, Imad Soltani, Luca Ferrari, Luiz Claudio 2013, since we get it more and more with each year. Pacheco, Mani Kanth, Rob Cabrera, Zander Hill Especially for administrators we start a new series, where Rob Somerville will look at the tools, processes and methods involved Special Thanks: in writing software, including developing a Content Management Denise Ebery System (CMS) which will run under an AMP stack on FreeBSD, Art Director: OpenBSD and Linux. Ireneusz Pogroszewski We wish you a good read! DTP: Ireneusz Pogroszewski [email protected] Post Scriptum Senior Consultant/Publisher: Many thanks to iXsystems Company and its employees for their Paweł Marciniak [email protected] support and contribution.
    [Show full text]
  • Creation of Two Modules for the Network Authentication Cracking
    Creation of two modules for the Network Authentication Cracking Tool Ncrack Ilias Panagiotis SID: 3306150004 SCHOOL OF SCIENCE & TECHNOLOGY A thesis submitted for the degree of Master of Science (MSc) in Mobile and Web Computing OCTOBER 2015-2016 THESSALONIKI – GREECE Ilias Panagiotis SID: 3306150004 Supervisor: Prof. Papadopoulos Apostolos Supervising Committee Members: SCHOOL OF SCIENCE & TECHNOLOGY A thesis submitted for the degree of Master of Science (MSc) in Mobile and Web Computing OCTOBER 2015-2016 THESSALONIKI – GREECE Contents CONTENTS........................................................................................................ 1 INTRODUCTION ................................................................................................ 4 INFORMATION SECURITY..................................................................................... 4 NCRACK OVERVIEW .......................................................................................... 5 PROBLEM ANALYSIS ...................................................................................... 6 ANALYSIS OF NCRACK ARCHITECTURE...................................................... 7 OPERATING SYSTEM OF CHOICE ............................................................... 11 ARCH LINUX .................................................................................................. 11 ARCH LINUX ADVANTAGES ....................................................................................... 12 Simplicity........................................................................................................
    [Show full text]
  • Secure Content Distribution Using Untrusted Servers Kevin Fu
    Secure content distribution using untrusted servers Kevin Fu MIT Computer Science and Artificial Intelligence Lab in collaboration with M. Frans Kaashoek (MIT), Mahesh Kallahalla (DoCoMo Labs), Seny Kamara (JHU), Yoshi Kohno (UCSD), David Mazières (NYU), Raj Rajagopalan (HP Labs), Ron Rivest (MIT), Ram Swaminathan (HP Labs) For Peter Szolovits slide #1 January-April 2005 How do we distribute content? For Peter Szolovits slide #2 January-April 2005 We pay services For Peter Szolovits slide #3 January-April 2005 We coerce friends For Peter Szolovits slide #4 January-April 2005 We coerce friends For Peter Szolovits slide #4 January-April 2005 We enlist volunteers For Peter Szolovits slide #5 January-April 2005 Fast content distribution, so what’s left? • Clients want ◦ Authenticated content ◦ Example: software updates, virus scanners • Publishers want ◦ Access control ◦ Example: online newspapers But what if • Servers are untrusted • Malicious parties control the network For Peter Szolovits slide #6 January-April 2005 Taxonomy of content Content Many-writer Single-writer General purpose file systems Many-reader Single-reader Content distribution Personal storage Public Private For Peter Szolovits slide #7 January-April 2005 Framework • Publishers write➜ content, manage keys • Clients read/verify➜ content, trust publisher • Untrusted servers replicate➜ content • File system protects➜ data and metadata For Peter Szolovits slide #8 January-April 2005 Contributions • Authenticated content distribution SFSRO➜ ◦ Self-certifying File System Read-Only
    [Show full text]
  • Prelude User Manual General Configuration
    Prelude User Manual [[PreludeForeword|Foreword]] 1. Introduction 1. [[PreludeGlossary|Glossary]] 2. [[PreludeComponents|Prelude Components]] 3. [[PreludeArchitecture|Prelude Architecture]] 4. [[PreludeStandards|Prelude Standards]] 5. [[PreludeCompatibility|Prelude Compatibility]] 2. Installation 1. [[InstallingPreludeRequirement|Installation Requirements]] 2. [[InstallingPrelude|Installation from sources]] 1. [[InstallingPreludeLibrary|Libprelude]] 2. [[InstallingPreludeDbLibrary|LibpreludeDB]] 3. [[InstallingPreludeManager|Prelude Manager]] 4. [[InstallingPreludeCorrelator|Prelude Correlator]] 5. [[InstallingPreludeLml|Prelude LML]] 6. [[InstallingPreludePrewikka|Prewikka]] 3. [[InstallingPackage|Installation from packages]] 4. [[AgentsInstallation|Agents Installation]] 1. [[InstallingAgentRegistration|Agents Registration]] 2. [[InstallingAgentThirdparty|3rd Party Agents Installation]] 3. Configuration 1. [[ConfigurationGeneral|General Configuration]] 2. [[PreludeComponentsConfiguration|Prelude Components Configuration]] 1. [[PreludeManager|Prelude-Manager]] 2. [[PreludeCorrelator|Prelude-Correlator]] 3. [[PreludeLml|Prelude-LML]] 4. [[PreludeImport|Prelude-Import]] 3. [[HowtoHACentralServices|Howto Configure High Availability Central Services]] 4. Optimisation 1. [[DatabaseOptimisation|Database Optimisation]] 5. User Manuals 1. [[ManualPrewikka|Prewikka Manual]] 2. [[ManualPreludeAdmin|Prelude-Admin Manual]] 3. [[ManualPreludeDbAdmin|PreludeDB-Admin Manual]] 6. Development 1. [[DevelopmentGuidelines|Development guidelines]] 2. [[SourceOrganization|Source
    [Show full text]
  • National Infrastructure Protection Center Cybernotes: 2001 Year End Summary Issue #2001-26 December 31, 2001
    National Infrastructure Protection Center CyberNotes: 2001 Year End Summary Issue #2001-26 December 31, 2001 CyberNotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, malicious scripts, information security trends, virus information, and other critical infrastructure-related best practices. You are encouraged to share this publication with colleagues in the information and infrastructure protection field. Electronic copies are available on the NIPC web site at http://www.nipc.gov. Please direct any inquiries regarding this publication to the Editor-CyberNotes, National Infrastructure Protection Center, FBI Building, Room 11719, 935 Pennsylvania Avenue, NW, Washington, D.C., 20535. Bugs, Holes & Patches The following table provides a year-end summary of software vulnerabilities identified between December 12, 2000 and December 14, 2001. The table provides the vendor, software name, operating system, common name of the vulnerability, potential risk at the time of publication, and the CyberNotes issue in which the vulnerability appeared. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source indicated in the endnote. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Updates to items appearing in previous issues of CyberNotes are listed in bold. New information contained in the update will appear in italicized colored text. Where applicable, the table lists a “CVE number” (in red) which corresponds to the Common Vulnerabilities and Exposures (CVE) list, a compilation of standardized names for vulnerabilities and other information security exposures.
    [Show full text]