LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-25-2006, 09:15 PM   #1
taiwf
Member
 
Registered: Jun 2005
Distribution: debian, ubuntu, redhat,knoppix
Posts: 194

Rep: Reputation: 31
usermin or openwebmail security concern?


HI,

I currently running a postfix(2.1.5-9) mail server under debian sarge 3.1 environment. There are a couple more server inside the machine, things like LAMP(intranet only) and samba. The server is protected behind cisco router with vpn configured and iptables inside the exact server (ya, everything in one box...).

Now, I would like to install an web interface for ppl to access email on browse outside the LAN network. I wonder if webmin(got its own webserver) is safe enough to do the job or should i run it with openwebmail by utilizing apache(version 1.33)?

Also, i would like to know what are the things i need to consider to not open a big security hole for hacker to get through.



Thanks in advanced


chris

Last edited by taiwf; 04-25-2006 at 09:16 PM.
 
Old 04-25-2006, 10:56 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Webmin is going to be massive overkill to simply allow people to access mail. It has the ability to view/modify a huge number of things on the system, including turning on/off services, user admin, iptables config, etc. If all you need is mail, then I'd setup something specifically designed for that job like POP or webmail. Using webmin is going to open more potential holes than it would solve for this scenario.

As far as security, obviously you'll want to implement some kind of authorization so that only valid users can send mail otherwise you'll find your machine being used to send spam. You'll also want to harden Apache and the underlying OS itself. OS and Apache hardening guides can be found in the Security references thread and the Apache site has info on security as well. I'm also reading a fantastic book on Apache hardening which I would highly recommend.

Last edited by Capt_Caveman; 04-25-2006 at 10:58 PM.
 
Old 04-27-2006, 12:21 AM   #3
taiwf
Member
 
Registered: Jun 2005
Distribution: debian, ubuntu, redhat,knoppix
Posts: 194

Original Poster
Rep: Reputation: 31
sorry i was meant to say 'usermin'(a cutdown version for end user) then webmin :P

But i have the same feeling that apache seems to be flexible in term of tighten up the security then the mini web-server provide by usermin... but i just want to confirm you guys.


thx
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
A security concern! Please advise! vharishankar General 5 11-30-2004 11:05 AM
This is an security concern? Then why is it defualt in Slack 8.1? Tarts Slackware 2 08-21-2003 12:06 AM
Usermin bnumark Linux - Software 0 08-10-2003 06:41 PM
Security concern linuxRules Linux - General 3 05-22-2002 02:23 PM
Usermin prozach Linux - General 0 04-11-2002 08:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration