Web And Email Hosting, Jsp, Tomcat, J2Ee, Hibernate Programming Blog

deny and allow The following lines are included to set which user accounts are allowed and which are denied access to the FTP service: deny-uid %-99 %65534- deny-gid %-99 %65534- allow-uid ftp allow-gid ftp The deny-uid and deny-gid entries prevent access to the FTP service from any users with IDs that are 99 or less or 65534 or greater for either user or group accounts. The allow-uid and allow-gid lines make an exception to the deny rules by allowing the ftp user and group to use the FTP service. email root@localhost E-mail related to the administration of the FTP server is directed to the root user on the local computer, by default. loginfails 5 The FTP connection terminates after five consecutive failed login attempts. (This slows down people who are trying to guess your server s passwords.) readme README* When the user logs in (login) or changes to any other accessible directory (cwd= ), the user is notified of the existence of README files, if they exist. By default, none of these files exist. For any file that begins with the word README, a message is displayed by the server that says “Please read the file README.whatever.” message This indicates that the message contained in the /welcome.msg file should be displayed when a user logs in to FTP. A similar line indicates that the .message file is displayed when the user enters a directory that contains such a file. By default, none of these files exist. If you want them on your FTP server, you have to create them yourself. Note The /welcome.msg file is relative to the root directory that the FTP user logs in to. A guest user, such as anonymous, would have /var/ftp as its root directory by default. The welcome.msg file would therefore have to be in /var/ftp. compress yes all This enables compression of files for the FTP site for all users. The compress command is the standard compression command used in UNIX systems (though gzip is used more often with free operating systems, such as Linux). The compress command lines used to carry out the compressions are defined in /etc/ftpconversions. (Files stored by compress have a .Z suffix.) tar yes all This enables tar compression for all users at the FTP site. The tar command is the standard UNIX command used to create archives of multiple files. The tar commands used to carry out the compressions are defined in /etc/ftpconversions. (Files stored by tar have a .tar, .tar.gz, or .tar.Z suffix.) chmod no guest, anonymous This prevents guest and anonymous user names from changing the permissions on any files or directories.
If you are in need for cheap and reliable webhost to host your website, we recommend http web server services.

Hat Linux are devoted to FTP. Those who access FTP from a public user account (usually the anonymous user name) are automatically given an FTP directory (often /var/ftp) as their root directory. From there, the anonymous user can access only files and directories below that point in the file system. Access to the FTP server relies on a login process that uses standard UNIX login names (that is, those user names found in /etc/passwd). Although anonymous was the user name that strangers would use, users with their own accounts on the system could log in with their own user names through FTP and most likely have access to a greater part of the file system (in particular, their own private files and directories). The ftp command and other FTP client programs let you log in and then operate from a command interpreter (similar to a very simple shell). Many of the commands that you use from that command interpreter are familiar UNIX commands. You change directories with cd, list files with ls, change permissions with chmod, and check your location with pwd (to name a few). When you find where you want to be, you use the get command to download a file or the put command to upload one. As an administrator of an FTP server, it is your responsibility to make sure that you share your files in a way that gives people access to the information that you want them to have without compromising the security of your system. This means implementing a strong security policy and relentlessly monitoring the system to prevent abuse. Cross-Reference See Chapter 14 for information on computer security issues. FTP user types Several different types of users can log in to and use an FTP server. The user name anonymous is the most common for providing public access. Real users represent the category of users who have real login accounts to your Red Hat Linux system (that is, you know them and have given them permission for other uses besides FTP). A guest user is similar to a real user account, except that he or she has more restrictive access to the computer s file system. Procedures for setting up these different kinds of users are outlined later in this chapter. Running the FTP Server When you install Red Hat Linux, your system is already set up as an FTP server. However, although users can log in and see the default FTP directories, no files that they can access are there yet. The default setup for your Red Hat Linux FTP server after you install the FTP software follows (the Washington University FTP Server software is the wu-ftpd package): FTP Daemon The FTP daemon is set up in the /etc/xinetd.d/wu-ftpd file as /usr/sbin/in.ftpd. When someone requests FTP service from your computer (probably on port 21), the xinetd daemon (which listens to lots of ports) starts the FTP daemon to handle that login request. The daemon runs with the -l option (so that FTP requests are logged by syslog to /var/log/messages) and the -a option (so that the /etc/ftpaccess file is used to define access permissions). Access Permissions (/etc/ftpaccess) The ftpaccess file delivered with Linux is quite restrictive. Although you can change it to be as open or as restrictive as you like, here is how the file is originally set:
Note: If you are looking for cheap and reliable webhost to host and run your mysql application check mysql web server services.

In the first line, because the fictional ACSP program is no longer used on the machine, there s no need to track its errors, so the mail is effectively ignored. The second line stores incoming trouble tickets in the /var/spool/trouble/incoming file. Remember that if you enable this, anyone anywhere can send you a sufficiently large message to fill up the partition on which that directory resides. This is a security risk and should be carefully evaluated before being implemented. Incoming messages can be piped directly into an executable program: majordomo: “| /usr/lib/majordomo/wrapper majordomo” Tip When resolving addresses, sendmail doesn t actually use the /etc/aliases text file. For faster accesses, the text file is turned into a Berkeley database-format file, /etc/aliases.db, which is used to resolve aliased addresses. For this reason, the newaliases command (equivalent to sendmail -bi) must be run to rebuild the database file each time the /etc/aliases text file is modified. Administering a Mailing List Even though sendmail provides several flexible methods for aliasing addresses, many situations require additional functionality. Mailing list managers (or, more commonly, listservers) offer the ability to handle large distribution lists coupled with advanced features such as moderators, archives with file transfer, digests, automatic subscription, and automatic filtering of bad addresses. Listservers typically provide several options for how each list is configured (replies go to author, replies go to the list, anyone can post to the list, posts are restricted to subscribers, subscriptions are open to anyone, subscriptions must be confirmed, and so forth). They also provide options for how the messages are presented to the recipients (with custom headers and footers, subject prefixes, filtered text in the header or body, and so forth). This section briefly describes the majordomo mailing list manager. Majordomo is a free listserver written in Perl, with the exception of one wrapper program (which is not written in Perl) that allows switching to the majordomo user. The configuration files (for the listserver as well as each individual list) are in plain text and are simple to edit. Other available mailing list managers are listed in the accompanying sidebar. Other Mailing List Managers Although the basic concept of a listserver is common to all mailing list managers, some packages offer radically different features and approach the task in a different manner. The following are some of the other listservers that are available for Linux: CREN ListProc 9.0 Available for a $2,000 donation to CREN (Corporation for Research and Educational Networking), this mailing list manager features Web-based administration, extensive logging capabilities, and automatic deletion of bad addresses. Further information and a free trial version can be found at www.cren.net/listproc/. listar This free mailing list manager (created originally for Linux) features nonprivileged execution, secure remote administration via e-mail, and expandability through dynamically loaded modules. More details and source code are available from www.listar.org/. L-Soft LISTSERV In use for more than a dozen years (originally on IBM mainframe computers), this package features file transfer via e-mail, indexing, digests, and subscription flags. Details,
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

Sending mail destined for one user (for example, jkpat) to another (for example, cht09, on a different machine in this case): cht09@other.mybox.com Delivering mail to the local user (jkpat again) and sending it to two others (cht09 and brannigan): jkpat, cht09@other.mybox.com, brannigan The aliases file A more flexible method of handling mail delivery (systemwide rather than being specific to one particular user) involves the /etc/aliases file, which is also a plain-text file. The aliases file (described earlier in the sendmail.cf section) contains a name followed by a colon, and then a user name, another alias, a list of addresses, a file, or a program to which mail will be delivered. The name on the left side of the colon (which can be a valid user name or just an alias) can then be used as an e-mail recipient on the local machine. Using the aliases file for mail-aliasing allows for several extensions to normal mail-handling behavior: One account can receive mail under several different names: patterson: jkpat This indicates that any mail addressed to patterson@mybox.com (just an alias) will arrive in the mailbox of jkpat (an actual user account). Mail can be received under a name that isn t a valid (or reasonable) user name: Charlie.Jackson.II@mybox.com: jackson He wouldn t really want to type Charlie.Jackson.II as a user name, but that doesn t mean he can t receive mail as such. Messages intended for one user can be redirected to another account (or to several accounts): oldemployee: bradford consultant: bradford, jackson, patterson users: :include:/root/mail/lists/users Here, any message for oldemployee@mybox.com would be delivered to the mailbox of user bradford. Also, the users bradford, jackson, and patterson would receive any mail addressed to consultant. The third line indicates that the recipients of the users alias are specified in the file /root/mail/lists/users. Mail can be sent directly to a file on the local machine: acsp-bugs: /dev/null trouble-ticket: /var/spool/trouble/incoming
In case you need affordable webhost to host your website, our recommendation is ecommerce web host services.

dnl define(`confQUEUE_LA’, `12′)dnl dnl define(`confREFUSE_LA’, `18′)dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa’,`dnl’)dnl FEATURE(`smrsh’,`/usr/sbin/smrsh’)dnl FEATURE(`mailertable’,`hash -o /etc/mail/mailertable’)dnl FEATURE(`virtusertable’,`hash -o /etc/mail/virtusertable’)dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(local_procmail)dnl FEATURE(`access_db’,`hash -o /etc/mail/access.db’)dnl FEATURE(`blacklist_recipients’)dnl EXPOSED_USER(`root’)dnl dnl This changes sendmail to only listen on the loopback device 127.0.0.1 dnl and not on any other network devices. Comment this out if you want dnl to accept email over the network. DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA’) dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires dnl a kernel patch dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6′) dnl We strongly recommend to comment this one out if you want to protect dnl yourself from spam. However, the laptop and users on computers that do dnl not have 24×7 DNS do need this. FEATURE(`accept_unresolvable_domains’)dnl dnl FEATURE(`relay_based_on_MX’)dnl MAILER(smtp)dnl MAILER(procmail)dnl Compared with the sendmail.cf file, it almost looks readable. Through a series of includes, defines, undefines, and features, this file brings the template-like m4 macro files together to form the sendmail.cf file. The dnl command is used to comment out entries, but the technical definition is “Delete through New Line.” Notice that the dnl command is also used to terminate commands. The include command uses the cf.m4 file as a prototype, and the OSTYPE command sets any Red Hat Linux specific configuration options. The define commands perform the same task as setting similar options within the sendmail.cf file. For example, beginning with confAUTO_REBUILD, the options and macros that are equivalent to those in the preceding define commands are, in order, AutoRebuildAliases, Timeout.connect, TryNullMXList, DontProbeInterfaces, and the Mprocmail mailer specification. This sendmail.mc file is finally turned into the sendmail.cf file with the following command: m4 /etc/mail/sendmail.mc > /etc/sendmail.cf Details on the configuration options available through the m4 macro preprocessor can be found at www.sendmail.org/m4/tweakingoptions.html. The .forward file One way for users to redirect their own mail is through the use of the .forward file, as described within the previously listed sendmail.cf file. The format of a plain-text .forward file is a comma-separated list of mail recipients. Common uses of the .forward file include: Piping mail to a program to filter the mailbox contents: “| /usr/bin/procmail”
You need excellent and relaible webhost company to host your web applications? Then pay a visit to Inexpensive Web Hosting services.

Mailer definitions Mail Delivery Agents (MDAs) are described in the Mailer Definitions section. Specifically, the section enables you to define Mlocal and Mprog MDAs as other than the procmail and smrsh programs, respectively: Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix, A=procmail -Y -a $h -d $u Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, T=X-Unix/X-Unix/X-Unix, A=smrsh -c $u In general, you shouldn t need to modify the options specified in the mailer definitions. However, the Mlocal and Mprog mailer definitions, shown previously, are worthy of note. The Mlocal definition is for delivering messages to a local account. The procmail MDA is used (rather than the UNIX standard of /bin/mail) to place the file in the appropriate user s mailbox. The Mprog mailer definition is used when the recipient of a message is actually a program (as in the case of majordomo, described in the next section). To direct a message to a program, sendmail uses a program called smrsh (SendMail Restricted Shell). Allowing mail to be piped directly into a program is not a great idea from a security standpoint, but smrsh makes the process a bit safer. For the program to successfully execute, a link to the program must exist within the /etc/smrsh directory. This restriction ensures that only programs installed by the administrator can directly receive mail, and other random executable programs are denied. Using the m4 macro preprocessor Although using an m4 preprocessor macro file doesn t make configuring sendmail a simple task, it is at least considerably more intuitive. For example, the cryptic sendmail.cf file described in this chapter was generated by the following text file (the /etc/mail/sendmail.mc file): divert(-1) dnl This is the sendmail macro config file. If you make changes to this file, dnl you need the sendmail-cf rpm installed and then have to generate a dnl new /etc/sendmail.cf by running the following command: dnl dnl m4 /etc/mail/sendmail.mc > /etc/sendmail.cf dnl include(`/usr/lib/sendmail-cf/m4/cf.m4′) VERSIONID(`linux setup for Red Hat Linux’)dnl OSTYPE(`linux’) define(`confDEF_USER_ID’,“8:12′’)dnl undefine(`UUCP_RELAY’)dnl undefine(`BITNET_RELAY’)dnl define(`confAUTO_REBUILD’)dnl define(`confTO_CONNECT’, `1m’)dnl define(`confTRY_NULL_MX_LIST’,true)dnl define(`confDONT_PROBE_INTERFACES’,true)dnl define(`PROCMAIL_MAILER_PATH’,`/usr/bin/procmail’)dnl define(`ALIAS_FILE’,'/etc/aliases’)dnl define(`STATUS_FILE’, `/var/log/sendmail.st’)dnl define(`UUCP_MAILER_MAX’, `2000000′)dnl define(`confUSERDB_SPEC’, `/etc/mail/userdb.db’)dnl define(`confPRIVACY_FLAGS’, `authwarnings,novrfy,noexpn,restrictqrun’)dnl define(`confAUTH_OPTIONS’, `A’)dnl dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl dnl define(`confAUTH_MECHANISMS’, `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)dnl dnl define(`confTO_QUEUEWARN’, `4h’)dnl dnl define(`confTO_QUEUERETURN’, `5d’)dnl
Searching for affordable and reliable webhost to host and run your web applications? Go to our java web server services and you will be pleased.

Tuucp These names specify users who are allowed to use sendmail s -f flag to set a sender other than the user running the command. You probably won t want to specify any normal user accounts here. However, if you use a mailing list manager (see the next section) that lets you specify the sender of outgoing messages, you may want to include the line Tmajordomo. Otherwise, all outgoing mail to list recipients will contain the error X-Authentication-Warning: localhost: majordomo set sender to owner-bigmailinglist using -f in the message header. If you have a large number of trusted users, the file class t can be used to specify a file that contains the list of names. Format of headers You can change the format that mail headers use with sendmail in your /etc/sendmail.cf file. The following lines appear at the beginning of that section: ######################### # Format of headers # ######################### H?P?Return-Path: <$g> HReceived: $?sfrom $s $.$?_($?s$|from $.$_) $.$?{auth_type}(authenticated$?{auth_ssf} (${auth_ssf} bits)$.) $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})$.$?u for $u; $|; $.$b H?D?Resent-Date: $a H?D?Date: $a H?F?Resent-From: $?x$x <$g>$|$g$. H?F?From: $?x$x <$g>$|$g$. H?x?Full-Name: $x # HPosted-Date: $a # H?l?Received-Date: $b H?M?Resent-Message-Id: <$t.$i@$j> H?M?Message-Id: <$t.$i@$j> These lines dictate the format of message headers. After the appropriate values are substituted into the preceding variables, this block of text becomes a qf file in /var/spool/mqueue. Rewriting rules The Rewriting Rules section of the sendmail.cf file contains a complex set of rules needed to handle your sendmail service. The rules cover such things as converting addresses and dealing with local hostnames. You should not change entries in this section arbitrarily. The start of the Rewriting Rules section contains a header that appears as follows: ###################################################################### ###################################################################### ##### ##### REWRITING RULES ##### ###################################################################### ###################################################################### Again, if you ever need to edit these lines, you deserve at least some degree of pity and sympathy from system administrators everywhere.
Searching for affordable and proven webhost to host and run your servlet applications? Go to Linux Web Hosting services and you will find it.

# Client Cert #O ClientCertFile # Client private key #O ClientKeyFile The CACERTPath option lets you indicate a directory that contains CA certificates. CACERTFile lets you indicate an individual CA certificate. ServerCertFile and ServerKeyFile let you identify the CA certificate and associated private key, respectively, that sendmail should use when it is acting as a server. ClientCertFile and ClientKeyFile let you identify the CA certificate and associated private key, respectively, that sendmail should use when it is acting as a client. Message precedences Precedences can be associated with e-mail messages in an attempt to give some messages higher authority for transferring than others. The message precedences section of the sendmail.cf file enables you to set how different message precedences are handled. The following lines appear at the beginning of the section: ########################### # Message precedences # ########################### Pfirst-class=0 Pspecial-delivery=100 Plist=-30 Pbulk=-60 Pjunk=-100 The previous lines equate precedence values with the possible precedence names in message headers. The meaning of each precedence name is indicated in Table 19-5. The numbers by themselves aren t significant, except in relation to other precedence names. Also note that incoming mail is processed immediately (unless otherwise restricted), so these priority values apply only to messages in the queue. Table 19-5: Precedence Names Name Meaning special-delivery A high-priority message that should be delivered from the queue before any others. first-class Unless overridden in the message header, this is the default priority. list This precedence name should be used for most messages emanating from mailing lists. bulk A relatively noncrucial broadcast message. This also indicates that if there are delivery troubles, the body of the message will not be included in bounce notices. junk Worthless e-mail that is possibly the output of a program or a test message. The body is also discarded from bounce notices. Trusted users You can allow users whom you trust to send messages that have sender names other than their real user names. The following lines appear in the Trusted users section for setting trusted user values: ##################### # Trusted users # ##################### # this is equivalent to setting class “t” Ft/etc/sendmail.ct Troot Tdaemon
You want to have a cheap webhost for your apache application, then check apache web hosting services.

The DoubleBounceAddress option specifies the recipient of error messages that result from a failure to deliver an earlier error message. The default value is the postmaster alias. The DeadLetterDrop option sets the backup location for saving bounced e-mail if the bounced e-mail can’t be written to other locations (by default, it is /var/tmp/dead.letter). The next lines relate to the user ID used for sendmail processing: # what user id do we assume for the majority of the processing? #O RunAsUser=sendmail By using the RunAsUser option, sendmail can be configured to perform most of its processing (other than reading the configuration file and listening for incoming connections on a privileged port) as an unprivileged user. The RunAsUser option specifies the user name or UID of the user. This may sound like a good idea, but it has the side effect of requiring the unprivileged user to have access to all .forward files, :include: files, and the queue directory. This will likely require liberal use of the DontBlameSendmail options and could cause more problems than it solves. The next lines relate to the recipients in an SMTP envelope: # maximum number of recipients per SMTP envelope #O MaxRecipientsPerMessage=100 The MaxRecipientsPerMessage option specifies the upper boundary on the number of individual recipients per message in an effort to block mail spam (unsolicited commercial e-mail or unsolicited bulk e-mail), which is commonly sent to large distribution lists. By default, there is no restriction. The next lines relate to getting local names: # shall we get local names from our installed interfaces? O DontProbeInterfaces=true The DontProbeInterfaces option (if set to True) keeps sendmail from automatically modifying the class macro Cw with the hostnames and addresses of all physical network interfaces. By default, the equivalent hosts and addresses are added to Cw. The next lines relate to delivery status notification (DSN): # Return-Receipt-To: header implies DSN request #O RrtImpliesDsn=False The RtrImpliesDsn option causes a delivery status notification to be sent to the envelope sender instead of to the address contained in the header. The next option lets you override the connection address. # override connection address (for testing) #O ConnectOnlyTo=0.0.0.0 To force delivery of mail to all go to a particular address, you can add an IP address using the ConnectOnlyTo option. This is useful for testing purposes. The next option relates to defining a trusted user: # Trusted user for file ownership and starting the daemon #O TrustedUser=root The TrustedUser option can be used to set which user on your system is trusted to own sendmail-related files and to run sendmail daemons. The user name can be either the name or user ID contained in the /etc/passwd file. The next set of options can be used to indicate the locations of certificate authority (CA) certificates and private keys on your system: # CA directory #O CACERTPath # CA file #O CACERTFile # Server Cert #O ServerCertFile # Server private key #O ServerKeyFile
Go visit our java server pages services for a reliable, lowcost webhost to satisfy all your needs.

and time. This prints a line similar to the following: 220 al.mybox.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 19 Jul 1999 18:47:23 -0400 # UNIX initial From header format (old $l macro) O UnixFromLine=From $g $d The UnixFromLine option defines the format of the From header line that is used as a message separator within mailbox files. The default value of $g $d prints the sender s e-mail address, followed by two blank spaces and the local date and time at which the message was received. The next lines define how to handle embedded newlines: # From: lines that have embedded newlines are unwrapped onto one line #O SingleLineFromHeader=False If the SingleLineFromHeader option is set to True, any new lines within the From: header are converted into spaces. Otherwise, the split header lines are retained. The next lines relate to how SMTP responds to a HELO request not associated with a hostname: # Allow HELO SMTP command that does not include a host name #O AllowBogusHELO=False If the AllowBogusHELO option is set to True, the restriction that a hostname must follow a HELO command is not enforced. If it is set to False (the default), the behavior specified by RFC 1123 is required. The next lines relate to quoting special characters: # Characters to be quoted in a full name phrase (@,;:()[] are automatic) #O MustQuoteChars=. By default (and according to RFC 821), the nine characters enumerated in the comment in the first line must be quoted if they appear in a nonaddress portion of an address (for example, the user s name or nickname). The . and characters can be specified in the MustQuoteChars option to require quoting as well. The next lines relate to delimiter characters: # delimiter (operator) characters (old $o macro) O OperatorChars=.:%@!^/[]+ The OperatorChars option lists the characters (in addition to the set of ()<>,; rn already defined by sendmail) that can be used as separators within an address. This option should not be altered. The next lines relate to initgroups: # shall I avoid calling initgroups(3) because of high NIS costs? #O DontInitGroups=False The DontInitGroups option (if set to True) forces sendmail to not process the initgroups system call. This is useful if groups have many members or a slow name service is used. The default value is False. The next lines relate to an obsolete function: # are group-writable :include: and .forward files (un)trustworthy? #O UnsafeGroupWrites=True The UnsafeGroupWrites option has been effectively replaced by various arguments to the DontBlameSendmail option, which was discussed early in this section. The next lines relate to sending errors: # where do errors that occur when sending errors get sent? #O DoubleBounceAddress=postmaster # where to save bounces if all else fails #O DeadLetterDrop=/var/tmp/dead.letter
We recommend high quality webhost to host and run your jsp application: christian web host services.