vmware images post-import (virtual users & domains debian lenny)

Discussion in 'HOWTO-Related Questions' started by gr33d, Feb 8, 2010.

  1. gr33d

    gr33d New Member

    i imported virtual users and domains (mysql, squirrelmail, postfix, courier, etc debian lenny) image into vmware 2.0 server, and i need to secure everything with new passwords.

    what else do i need to change from the default 'howtoforge' passwords, etc? ive updated root and administrator user passwords. are there any other users with default passwords?

    there are 6 users in mysql. can any be removed? when i change the mysql root password, will this break postfix/courier since they required passwords during the install?

    i couldnt find an existing post for this, but thanks in advance!
  2. gr33d

    gr33d New Member

    i changed mysql root password and nothing seems to be impacted--hooray!

    is there any postfix/courier risk in leaving the mail_admin password as mail_admin_password? i added directives to phpmyadmin to "Allow only from" my subnets, so mail_admin cannot accidently login there. but, could this user login some other way?

    (maybe for another post) my ultimate goal is to allow only encrypted pop3, imap and smtp. how can i secure this server?

    i tried securing smtp (http://www.howtoforge.com/postfix-smtp-authentication-on-the-secure-port-only) with no luck. the only difference--i left smtpd.conf alone. it seemed, to me, like it would need the sql_* configuration lines, but it didnt work with or without them.

    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_user: mail_admin
    sql_passwd: mail_admin_password
    sql_database: mail
    sql_select: select password from users where email = '%u'
    "postfix reload" erred on the following line in master.cf:
    -o smtpd_sasl_auth_enable=yes
    thanks in advance!
  3. falko

    falko Super Moderator ISPConfig Developer

    I'd change the password of the MySQL user mail_admin. I think I'd also install fail2ban.
  4. gr33d

    gr33d New Member

    will i need to modify the mail_admin_password in the 6 .cf files created for postfix?

    also, do you have any insight as to why (with iptables -P INPUT ACCEPT) outlook (or any mail client) will only work with unencrypted settings? i'd like to use tls so email is encrypted.

    fail2ban--good idea. thanks!
  5. falko

    falko Super Moderator ISPConfig Developer

    Yes, after you've changed the password.

Share This Page