My personal homepage & email needs are served by a company that is unfortunately shutting down. So I'm going to have to move my stuff elsewhere.

Then I thought, Hey, why not just set up my own server and run it from that?

So I'm giving some serious thought to having my own email & web server. However, I've only used Linux as a desktop, so the world of servers is one that's not too familiar with me.

A bit of background:

I have a website that gets a maximum of 8000 hits a month, with no more than 500 megs of data downloaded per month.
I have three (main) mail accounts which don't get a huge amount of mail (maybe a dozen a day), but do get spammed quite a lot. I need to be able to access my mail via a web browser interface, and it really, REALLY needs a spam filter running on it.
I connect to the web via an ethernet router with a 512 broadband connection.

So, given that, what I need to know is:

How much RAM & CPU power should I be expecting to need?

Is the standard iptables firewall good enough for security, or will I need to look for something more heavy-duty?

Would it be worth also setting it up as a DNS server while I'm at it?

How hard is it to set up such a server?

Any advice gratefully received, including links to any places that'll help me figure out the answers myself.

Ok, you didn't specify which distro you had in mind (you like slack and LFS). My vote is slack with a little optimizing. I'm assuming your ISP isn't going to care that you are running this and block ports. I also assume that your bandwidth is sufficent to support your own traffic. That said:

1. How much RAM & CPU power should I be expecting to need?
I suspect a simple 1Ghz with 512MB should do the trick. Even if you are doing server-side scripting. Also, Preferebly SCSI drives or highspeed SATA.

2. Is the standard iptables firewall good enough for security, or will I need to look for something more heavy-duty?
Um, the firewall is yours to configure. I've used slack and suse and you will be writing your own firewall. Maybe they come with premade firewalls, but I've not seen them.

3. Would it be worth also setting it up as a DNS server while I'm at it?
Might was well, it can't hurt. YES

4. How hard is it to set up such a server?
The apache, squid, and bind will all be covered in multilple threads here. As for email and spamassasin, I'm not sure since I've never set one of those up.

Iptables is certainly good enough, provided that the rules are written correctly. If you're not familiar with writing iptables rules, I would strongly suggest using a front-end like firestarter. However, iptables is really nowhere near enough for security. First, at a bare minimum I would want an IDS like Snort and a file integrity checker like Tripwire or Aide. If you are counting on this site you need to be able to detect if/when an intrusion has happened and what files were affected. You may also want to investigate some of the hardening script programs like Bastile. Spend some quality time in the Security forum here because unSpawn has a sticky thread that is jam-packed with security tips and sites.

Far less than you would think regarding CPU, about what you would think regarding RAM. As mentioned, I'd agree 512MB should suffice. However, 1Ghz is a ton. Although, with prices and speed the way they are these days, you probably can't buy a configuration less than this. If you can, get a used P3 setup, or an AMD equivilent. You can probably grab one for less than the cost of a new 1Ghz CPU, maybe...



The chime in on unSpawn's security thread has already been made. IDS, intrustion detection systems, is certainly something to look at. When it comes to security, there is no such thing as overkill. However, don't let the security overwhelm you either, you will learn as you go.

Quote:

Would it be worth also setting it up as a DNS server while I'm at it?

I wouldn't personally. It's a big jump, and entirely new field. It's like going to college to become a Pediatrician and saying "While I'm at it, why don't I become a Surgeon as well?". Sure they are both Medical Doctor degrees, but completely different fields. Just as DNS is. You will be setting up and learning about new servers (Apache, Postfix, etc along with all the security precautions) why overwhelm yourself with learning DNS at the same time? Use a free service, such as www.zoneedit.com until you get your feet on the ground with the rest of your setup, then turn to looking at doing your own DNS. However, I've personally found that more ISP's seem to block port 53 more than any other service port, save 1, and that is email...

A very subjectional question. Apache was very easy for me at first. Postfix, not so much, but after using it, and reading a bunch of stuff on it, it became very simple and easy to use. I use Squirrelmail with Courier-imap and Postfix for my setup. More on that in a second. But basically, it's really easy, once you get the hang of it. As long as you've got a grasp on networking, the rest will hopefully fall into place as you go. Remember, security is your biggest feat. It's important to keep that box locked down. If it's not, you could easily be broadcasting the next DDoS attack to LQ....

Quote:

Any advice gratefully received, including links to any places that'll help me figure out the answers myself.

My personal favorites are as follows:
http/https = Apache/Apache+SSL
Webmail = Squirrelmail
Imap for the webmail = courier-imap
Email server = Postfix (with Maildir )
Spam prevention = SpamAssassin
Virii protection = clamav

It has been said, many times, postfix is more secure than sendmail. However, with an open box, it doesn't matter what is more secure, so work on that first. A lot of your security options are spelled out in unSpawn's thread, so be sure to take a look.

Have fun!

Cool

For a mail server I use QMail. I used qmailrocks and it walks you through server setup, imap, squirrelmail web interface, spamassasin, and clamav setup. I had it up in 2 days running on Mandrake 10.1.