What Happened to My POP3 Server
waynevnc
10-27-2007, 12:15 PM
Hello,
I have just recently become in charge of a Red Hat 7.2 server for a small business. I am trying to move their email services from the Red Hat server to a host like GoDaddy.com.
I have 2 problems so far to figure out.
One, what POP3 server do I have? I was told it was Qpopper but I don't see evidence of that, no Qpopper files that I can see. How can I determine what POP3 server is installed and working? Since I will need to stop Postfix & the POP3 services I need to know what it is. BTW it is using Postfix 2.0.16.
Secondly, I will need to change the MX0 & MX10 records in DNS on the Red Hat server, but I have no clue where to look to do this.
Can someone please give me some ideas.
Thanks in advance,
Wayne
One, what POP3 server do I have? I was told it was Qpopper but I don't see evidence of that, no Qpopper files that I can see. How can I determine what POP3 server is installed and working?
Well, an easy way would be to type something like:
netstat -lpn | grep :110
and to see what process was listed on the leftmost column.
Secondly, I will need to change the MX0 & MX10 records in DNS on the Red Hat server, but I have no clue where to look to do this.
/etc/named.conf should give you a hint, most people put the extra files in the /var/named directory.
Just curious, why did you want to move the mail hosting to GoDaddy? I thought they gave people very little storage space?
waynevnc
10-27-2007, 03:34 PM
Thanks I will try the netstat command.
Is the named.conf file where I will change the MX records or does this file tell me where to look? Sorry I'm not at the server right now.
As for the change to GoDaddy, this is a small company and GoDaddy offers 2GB of space for $20/yr. This will be fine for them, but mainly the switch is for SPAM filtering. They do a very good job at filtering out SPAM.
The named.conf file is the BIND (DNS server) configuration file. One can include other files, which describe a domain name, to this file. These files are usually in /var/named/, although the named.conf file would specify the path for it if it's somewhere else. Don't forget to make a backup of the files before you edit them.
As for the spam issue; first, I personally found spamassassin (http://spamassassin.apache.org/index.html) to be very effective. But for a version of Red Hat as old as the one that is installed in your server, I wouldn't be too surprised if it's being used by others to send spam.
You can save the $20 per year, or (presumably) add more space for everyone's mail if you replaced RH7.2 with something like CentOS. If it's properly set up, it should handle spam fairly well, and you may benefit from lower latencies (compared to GoDaddy's servers), since it's hosted nearby.
But if you are new to all this, $20 per year may be worth it.
waynevnc
10-27-2007, 04:22 PM
I will look into CentOS. I was considering going with Ubuntu server in the near future. But for now GoDaddy is the best option to thwart the SPAM.
If someone is using this server to send out SPAM, when I stop Postfix and whatever POP3 service I have won't that stop them from sending SPAM? Or have they possibly installed a mail server of their own to send it?
waynevnc
10-28-2007, 08:27 AM
What is this? I ran the netstat -nlp | grep :110 command and got this.
tcp 0 0 0.0.0.0:110 0.0.0.0:* listen 1017/xinetd
Now try:
grep -H 110 /etc/xinetd.d/*
or if that didn't work (as I think xinetd also refers to /etc/services):
grep -H -i pop3 /etc/xinetd.d/*
Open up the file whose path was outputted on the left, and see the value of the "server" option. It should let you know what POP3 server is running.
As to your other question, it's generally not recommended to keep an OS that does not get security updates live on the internet. Bringing down the mail server may not be enough, as long as it has other ports open to the internet.
waynevnc
10-28-2007, 11:58 AM
I will try these things tomorrow when I am at the server.
I found the mx records in /etc/domain/mydomain.com
What I think I am hearing from you is upgrade the OS.
Thanks for all your help xrx
waynevnc
10-29-2007, 04:08 PM
I tried grep -H 110 /etc/xinetd.d/* with the results of "no such file or directory". The same result when I substituted pop3 for 110.
I did find qpopper with the find command in /etc/log.d/conf/services/in.qpopper.conf & in /etc/log.d/scripts/services/in.qpopper .
What do you think? This is really frustrating. I feel clueless. I guess I could just try chkconfig qpopper off and see what happens?
I tried grep -H 110 /etc/xinetd.d/* with the results of "no such file or directory". The same result when I substituted pop3 for 110.
That's odd. You should only get that error message ("no such file or directory") if the directory /etc/xinetd.d/ doesn't exist at all, regardless of whether the search term found anything. Is that the case? Are you sure you typed it properly?
I guess I could just try chkconfig qpopper off and see what happens?
Hm, I don't think it would work, I think qpopper would still be running, even after you restart the server. It's the xinetd service that you would need to handle, but stopping xinetd entirely will stop everything else which depends on it. If you want to do it cleanly, see the previous paragraph about the xinetd path.
If the person who installed qpopper (assuming it is installed and running) did so using RPMs instead of using the source code, you can try to uninstall it the RH way. First, see if qpopper is in the rpm database:
rpm -qa | grep qpopper
then if it returned a result (let us know), you can remove it with (assuming it's just called qpopper):
rpm -e qpopper
You would then need to re-start the xinetd service (/etc/init.d/xinetd restart). Double check as to whether the netstat command shows anything listening in port 110 like before.
What do you think? This is really frustrating.
But why then bother with removing qpopper? Did you not already change the MX records? You could still keep it running for people to access their old mail, if you have plans to keep the server running.
I know it's better to have only as many services as necessary running on a machine, but in this case, if you were worried about security, you would have or would have planned to remove RH 7.2 entirely. So it wouldn't really matter if qpopper is running or not.
waynevnc
11-09-2007, 02:26 PM
I used the service command: service qpopper stop with a response of no such service or something similar to that.
If I look in /etc/xinetd.d/ I see a pop3 file that has the following:
#default: on
#description: the finger server answers finger requests. Finger is a protocol that allows remote users to see information such as login name and last login time #for local users.
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/popper
# server_args =
}
What does this tell me?
I used the service command: service qpopper stop with a response of no such service or something similar to that.
Like I said, I didn't think it would work.
If I look in /etc/xinetd.d/ I see a pop3 file that has the following:
Ah ha! So you did make a typing mistake in the grep command I gave you ;)
Anyway, you're almost done taking care of your problem. Just edit the /etc/xinetd.d/pop3 file, and change the "disable = no" to "disable = yes". Save, and restart the xinetd service ("/etc/init.d/xinetd restart"). It should be gone; run the netstat command I mentioned earlier to make sure nothing's listening in the pop3 port (110).
Hope this fixes your problem. Of course, I'd _still_ recommend installing an updated operating system, assuming it's connected to the internet and has other services open to it.
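The check worked through in this thread (which xinetd service files are enabled, as which user, and which binary they launch), as an added shell example that is not part of any post. The `example` service entry is constructed, and the parser assumes the whitespace-separated `attribute = value` layout shown in the pop3 file above.

```shell
#!/bin/sh
# Added example: inventory xinetd-managed services in a config directory.
# Prints one line per service block: <file> <service> <state> <user> <server>
# Assumes "attribute = value" with spaces around "=", as in the thread's file.
# A block with no "disable" line counts as enabled (xinetd's default).
xinetd_inventory() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            /^[ \t]*#/ { next }                       # skip comment lines
            $1 == "service" { svc = $2; dis = "no"; user = "-"; server = "-"; next }
            svc != "" && $2 == "=" && $1 == "disable" { dis = $3 }
            svc != "" && $2 == "=" && $1 == "user"    { user = $3 }
            svc != "" && $2 == "=" && $1 == "server"  { server = $3 }
            svc != "" && $1 == "}" {
                state = (dis == "yes") ? "disabled" : "enabled"
                print file, svc, state, user, server
                svc = ""
            }
        ' "$f"
    done
}

# Builds a throwaway directory: the pop3 entry quoted in the thread plus one
# constructed, disabled entry for contrast. Prints the directory path.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/pop3" <<'EOF'
service pop3
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/popper
}
EOF
    cat > "$d/example-off" <<'EOF'
# constructed entry, not from the thread
service example
{
disable = yes
user = nobody
server = /usr/sbin/in.example
}
EOF
    echo "$d"
}

sample=$(make_sample_dir); xinetd_inventory "$sample"; rm -rf "$sample"
```

On a real host the call would be `xinetd_inventory /etc/xinetd.d`; any line reporting `enabled` together with `root` names a network-facing binary worth checking against the netstat listing.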
waynevnc
11-09-2007, 04:15 PM
Great, it looks like I'm getting close to working through this, with your help of course.
Thanks for sticking with me for this long.
BTW... I do plan on upgrading the OS in the near future.