On Fri, 15 Mar 2002, Harry Putnam wrote:

> The things I'm really unsure about are:
>
> 1) What daemon do I need to have running (pop3d Imapd...). I intend
>    to have other household machines retrieve via pop3 from this
>    server.

Although I prefer IMAP, you can use any POP3 daemon that you like. There are many Debian packages which provide POP3 daemons; "apt-cache search pop3" will list some of them.

> 2) Do other machine users really have to have accounts on debian box?
>    or just a mailbox at /var/mail?

It all depends on how you set it up. I create local user accounts for each user, although logging in is disabled.

> 3) If I have a daemon running, is it possible to setup so that it only
>    runs when a machine connects.

You can run either POP3 or IMAP daemons from inetd (or tcpserver, etc.). inetd will bind to the port and the actual daemon itself won't be running. When a client connects, inetd will invoke the daemon and the daemon will handle it from there.

> 4) How can I bar any machines that are not 192.xxx.xxx from the
>    143/110 port.

If you're using inetd, you have two lines of defense. The first line of defense is Linux's built-in packet filter, which you can easily tell to not allow anything for those ports from anywhere except your network. Your second line of defense is tcp wrappers (man tcpd, man 5 hosts_access).

> 5) what do I have to tell exim in order for it to know to send the
>    other machines outgoing mail to my isp smart_host.

From exim.conf:

    # Send all mail to a smarthost
    smarthost:
      driver = domainlist
      transport = remote_smtp
      route_list = "* mail.home.lan bydns_a"
    end

Replace "mail.home.lan" with your ISP's mail server's hostname.

> 6) can all this be made invisible to the internet, so that a scan will
>    not show 143/110 as running or open?

Your firewall can invisibly drop packets to either of those ports.

> I am behind a hardware firewall already (Netgear FR314) which I think
> will hide the open ports from the internet. but still want
> to make all precautions. And know how to setup so that only my network
> machines get access.

Using tcp wrappers in conjunction with a packet filtering firewall, you should have no problems. Besides, you said you already have a hardware firewall in between your network and the public Internet.

HTH.

j.

-- 
Jeremy Gaddis <[EMAIL PROTECTED]>
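
Added example (not part of the original message): the two lines of defense from the answer to question 4, plus the inetd setup from question 3, written out as configuration. Assumptions not taken from the thread: the home network is 192.168.1.0/24 (the thread only gives 192.xxx.xxx), the packet filter is iptables, and the daemons are ipop3d and imapd at the paths shown; substitute your own subnet and daemon binaries.

```conf
# ---- /etc/inetd.conf ----------------------------------------------
# inetd holds ports 110 and 143 open and starts a daemon per connection.
# Each daemon is launched through tcpd so the tcp wrappers rules apply.
# Daemon names and paths are assumptions; use the ones your package installs.
pop3   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/ipop3d
imap2  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/imapd

# ---- /etc/hosts.allow ---------------------------------------------
# Second line of defense: tcp wrappers. hosts.allow is consulted first,
# so only the home subnet (assumed 192.168.1.0/24) is let through.
ipop3d, imapd : 192.168.1.0/255.255.255.0

# ---- /etc/hosts.deny ----------------------------------------------
# Anything not matched in hosts.allow is refused for these two daemons.
ipop3d, imapd : ALL

# ---- packet filter rules (iptables-restore format) ----------------
# First line of defense: accept POP3/IMAP only from the home subnet and
# silently DROP everything else, so a scan from outside gets no reply
# on either port. The subnet is the same assumed placeholder as above.
*filter
-A INPUT -p tcp -s 192.168.1.0/24 -m multiport --dports 110,143 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,143 -j DROP
COMMIT
```

The daemon names in hosts.allow and hosts.deny must match the program name tcpd is asked to run in inetd.conf, otherwise the wrapper rules never apply to those services.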