By James Mohr
When I got my copy of this book, I couldn't wait to start working with Postfix. I had been wanting to implement Postfix for several months and thought that reviewing a book on it would be the perfect place to start. The authors seemed to have read my mind about wanting to jump right in. They warned me not to skip the beginning of the book, where they discuss things that might be considered "kiddies' stuff."
I usually get annoyed at books that spend too much time covering the basics, because they usually leave too little space for the nuts and bolts. However, I felt this book provided just the right amount of introductory material, particularly when you consider the emphasis is on ensuring that your system is ready for Postfix and that other problems don't prevent Postfix from working.
After discussing the basics, the book leads through the process of setting up Postfix for a single domain on a dial-up Internet connection. This is what I have - and what most Linux users have - so it only seems fitting. Once this basic single-domain mail server is running, the authors begin to explain the inner workings of Postfix. I found this format extremely beneficial, as it is not until after you have Postfix running that you have the necessary background to understand how the details work.
Perhaps the only disappointing aspect of this book is the little space that was provided for virus scanning. Although it is discussed enough to get you started, I personally wanted more. Granted, stopping viruses is not the purpose of the book, but it is definitely a worthwhile related topic.
The lack of depth on viruses is counterbalanced by the very detailed discussion on fighting spam. Almost a quarter of the book deals with configuring Postfix to block all kinds of unwanted email. The authors cover what spammers do to get unwanted email into your system, and they go into the details of how to configure your system to avoid it.
All in all, this book is loaded with information and examples that will help you quickly and easily implement a Postfix mail system.
Ralf Hildebrandt and Patrick Koetter
No Starch Press, 1-59327-001-1
£ 44.95, US$ 44.95, EUR 41.50
Computer books are becoming incredibly specialized. Whereas "web site administration" was a specialized topic five years ago, we now have a book that is an in-depth look at security on the Apache web server.
A number of books in the last couple of years have specifically addressed Apache security, but I was particularly impressed with Ivan Ristic's Apache Security. Rather than just providing an expanded description of the Apache documentation, the author takes a problem-solution approach. The book goes into detail about why a particular issue is important, as well as why one would want to implement a given solution. The author gets into the background behind the issues, showing how things work, rather than just telling you what to configure. For example, the chapter on SSL/TLS, certificates, and related issues provides a detailed look at the structure of these important components.
The chapter entitled "Denial of Service Attacks" covers not only the various ways malcontent can disrupt your web server, but also the common mistakes a server administrator can make to bring a server to its knees. In each case, the author describes the steps the administrator should take to address or even prevent the problem.
I really enjoyed the chapter on "Web Application Security." Most of this chapter applies to any web server, not just Apache, however, this look at application security is a very welcome addition to the book. The chapter discusses things like session management, client attacks, SQL, and script injection.
The emphasis in the last part of the book is on verifying and testing the configurations implemented in the first part of the book. This section includes a general assessment of security practices, as well as a discussion of how to use available tools to identify potential holes.
O'Reilly Media, 0-596-00724-8
£ 24.95, US$ 34.95, EUR 32.50