Re: Sendmail
On Sun, 26 Mar 2000, Oswald Buddenhagen wrote: i like the idea of denying all incoming packets on port 25. why not do it? port 25 is only for incoming mail, so block it if you don't need it (that's what you should do for all ports you don't need). alternatively you can setup relay/delivery blocking rules in the sendmail-config. but it's just a question of time, when the next security hole is found in sendmail, so i prefer low-level-blocking. i agree. you want to use some deliver-only MTA for these kind of sites. ssmtp is the program of your choice. (apt-get install ssmtp) generally i'd say, don't use sendmail at all :) sebastian -- gravity is a myth. the earth sucks.
Identification Protocol (was: Re: your mail)
On Thu, 16 Mar 2000, Ivan Ivanovic wrote: On my Slink placed on Inernet often appears auth port connection attempts from various sites... What (common) application needs this port? irc server make ident connections to clients. squid can use ident for authorization. sendmail sometimes uses ident. maybe you want to read rfc1413. i'd turn auth off for security reasons if your box has a direct connection to internet. from rfc1413: An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identification server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy considerations and arguments that apply to the CallerID service apply to Identification. If you wouldn't run a finger server due to privacy considerations you may not want to run this protocol. seb
RE: Identification Protocol (was: Re: your mail)
On Thu, 16 Mar 2000, Fredrik Liljegren wrote: i'd turn auth off for security reasons if your box has a direct connection to internet. Many people misunderstand the usefulness of identd, and so disable it or block all off site requests for it. identd is not there to help out remote sites. There is no way of knowing if the data you get from the remote identd is correct or not. There is no authentication in identd requests. maybe i am one of these people :) identd takes two parameters, the server and the source port of a tcp connection. it gives back the userid of the user who started it. am i right so far? i think, the userid may be useful for some purposes but in most cases it is not but gives a hacker a little piece of information. but, you're right, it could be worth while tracking down some attack from your own computer. hmm... i will think about it :-) thanks