So I own a domain name and I want to set up a web server so I can host content on my computer that appears at the domain name. I also want to be able to send and receive mail from (address)@mydomainname.com. To be honest, I have no idea where to start. I tried googling but all I could come up with were some guides for Ubuntu :-/. Any tips about some documentation and/or tutorials I could look at?

I am also worried about security. Does it open up my computer to attacks if I set this up?

~montag

Well, first of all you try do understand the overall security stuff - what kinds of problems are there and how do they actually concern your system?

After that, you read per application security - because overall I'm a security idiot, so I use qmail as mail server, for example. What's a good webserver choice? Are there any differences between available IMAP-servers and so on. Is Apache 1.3.x really still a better idea then Apache 2.x? Do I really need an entire Apache or would a simply Python-Twisted two-liner do the trick?

And I add religiously patches and updates into my Slackware of all components I got on my system - of course I just install the necessary stuff. Typically this is something like a zlib update for example which affects many elements of any Linux distribution.

In terms of security of the Linux distribution itself Slackware is rather well cared for, as far as I see it.

Of course, there's always the risk of some security problem not published or known to us common folks yet.

I have a similar setup in place with a webserver running apache/php/mysql and email server with postfix/dovecot/spamassassin/clamav/policyd email server. Anytime, you open up services on the net, you are open to cracking/attacks. However, there are ways to setup preliminary defenses,

1. keep the systems patched/updated and subscribe to mailing lists which can give you valuable tips on configuration and also notify of new releases. This is especially true for Postfix.
2. run firewalls and don't allow unnecessary access.
3. regular backups so you can revert back your configuration if your machine dies.
4. keep monitoring the system logs, there a various softwares to do that. You can also install something like fail2ban which block some offenders.

Personally, I did everything in steps. First step was to setup Apache and PHP and tested out everything. I run a headless server so I absolutely need OpenSSH but I only allow access from local net.

For me, email server was the hardest to setup since I don't come from a CS background. I read "The Book of Postfix" by Ralf Hildebrandt which was a great help. I am in the process of writing a how-to for email server but with work and a toddler, I don't know when I'll finish it up.

Also, I spent a hugh amount of time on perfecting my iptables firewall script so I can keep access in check.

This is worth much less than it used to be, but Slackware 12 has a version of GCC that finally contains the pro-police stack protector code in it by default. Something that will help against buffer overflow exploits would be to redo the original Slackware packages (using Pat's slackbuild script, of course) and adding "-fstack-protector-all" to the CFLAGS passed to the compiler.

As to email, I will strongly suggest checking out the documentation over at Sendmail.org about preventing open relays, since that's probably the most direct threat anyone running an email server has to face at the moment.