For those of you looking for a way to set up Postfix so your client base can login with Single Sign On, this article is for you.
Here we will be walking through configuring postfix for the following criteria:
- LDAP based User lookups (In this article I have used FreeIPA 3.0)
- Single Sign On authentication for mail sending.
- Enabling TLS based connections using FreeIPA as the Certificate Authority.
Please be aware that this article does not cover accessing a user’s mailbox as this is covered in the following article.
Before I continue I’d like to thank Loris Santamaria and Anthony Messina from the firstname.lastname@example.org mailing list for their assistance in getting this solution working.
Details used in this article are as follows:
FreeIPA Servers: ds01.example.com, ds02.example.com
Postfix Server: mail.example.com
IPA Test user: ipauser1
Tunnel your tcp traffic through ICMP echo/ reply packets or UDP 53(DNS) packets
So you are at a local coffee shop with your laptop and see an open access point that you want to connect to. You connect to the AP and open up your favorite webrowser, only to find that you are presented with a page that asks for a code for you to proceed with your internet cravings. WTF !! Many places such as coffee shops provide you with wireless internet connectiviy at a small cost (usually more than the coffee you purchased). You recieve a code when you purchase the coupon for wireless access and then you go onto your webrowser, enter that in and the you’re good to go. Well for almost everything digital, there is most likely a walkaround to do things and in this case there is. Enter the world of protocol tunneling. The basic idea behind this is to transfer data from one protocol or port number, using another protocol (or port number). Read more
Most programs and services produce logs. When a user visits an apache web server, the service will most likely keep a log of that request, along with the date and requester’s ip address. Other details might be logged as well. Here us an example of some entries in a logfile:
192.168.1.20 - - [21/Sep/2011:11:04:40 +1000] "GET / HTTP/1.0" 200 468
192.168.1.20 - - [21/Sep/2011:11:07:48 +1000] "GET /login.php HTTP/1.0" 200 6433
Log files would usually contain hundreds of such entries, most, if not all of which are important to us. If there is an issue with a service, perhaps there is an entry in the logfile that can tell us why. Another scenario is where management require some statistical information. For example, how many unique IP addresses visited their website in the past hour and what pages did they visit. Or which web pages are the most frequently visited. Read more
Fail2Ban (authentication failure monitor) is an intrusion prevention software, written in Python. Fail2Ban analyzes various services log files (ssh, apache, postfix etc) and if it detects possible attacks (mainly Brute-force attacks), it creates rules on the firewall (iptables and many others) or tcp wrappers (/etc/hosts.deny) to ban (temporarily or permanently) the wannabe hacker. Simultaneously, fail2Ban informs system administrator with email for its activity in real time.
Some activities which considered as attacks are: Read more