Re: Sendmail

2000-03-26 Thread Sebastian Stark
On Sun, 26 Mar 2000, Oswald Buddenhagen wrote:

 i like the idea of denying all incoming packets on port 25.

why not do it? port 25 is only for incoming mail, so block it if you don't
need it (that's what you should do for all ports you don't need).

  alternatively you can set up relay/delivery blocking rules in the
  sendmail-config. but it's just a question of time, when the next
  security hole is found in sendmail, so i prefer low-level-blocking.

i agree.
you want to use some deliver-only MTA for these kinds of sites.
ssmtp is the program of your choice. (apt-get install ssmtp)

generally i'd say, don't use sendmail at all :)


sebastian

-- 
gravity is a myth. the earth sucks.


Identification Protocol (was: Re: your mail)

2000-03-16 Thread Sebastian Stark
On Thu, 16 Mar 2000, Ivan Ivanovic wrote:

  On my Slink placed on Internet often appears auth port connection attempts
 from various sites...
  What (common) application needs this port?

irc servers make ident connections to clients.
squid can use ident for authorization.
sendmail sometimes uses ident.

maybe you want to read rfc1413.

i'd turn auth off for security reasons if your box has a direct
connection to internet.

from rfc1413:

   An Identification server may reveal information about users,
   entities, objects or processes which might normally be considered
   private.  An Identification server provides service which is a rough
   analog of the CallerID services provided by some phone companies and
   many of the same privacy considerations and arguments that apply to
   the CallerID service apply to Identification.  If you wouldn't run a
   finger server due to privacy considerations you may not want to run
   this protocol.

seb



RE: Identification Protocol (was: Re: your mail)

2000-03-16 Thread Sebastian Stark
On Thu, 16 Mar 2000, Fredrik Liljegren wrote:

  i'd turn auth off for security reasons if your box has a direct
  connection to internet.
 Many people misunderstand the usefulness of identd, and so disable it or
 block all off site requests for it. identd is not there to help out remote
 sites. There is no way of knowing if the data you get from the remote identd
 is correct or not. There is no authentication in identd requests.

maybe i am one of these people :)
identd takes two parameters, the server and the source port of a tcp
connection. it gives back the userid of the user who started it. am i
right so far?
i think, the userid may be useful for some purposes but in most cases it
is not but gives a hacker a little piece of information.
but, you're right, it could be worthwhile tracking down some attack from
your own computer. hmm... i will think about it :-)

thanks
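
The ident exchange discussed in this thread, as an added example that is not part of any of the posts: a parser and responder for the RFC 1413 query and reply lines, showing what a reply discloses and that the user-id is simply whatever the answering host sends. The connection table, port numbers and user name are constructed, and `hide` is a hypothetical switch modelling a daemon that answers HIDDEN-USER.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CRLF.
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def parse_query(line):
    """Return (port_on_server, port_on_client), or None if malformed."""
    m = QUERY_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    ports = (int(m.group(1)), int(m.group(2)))
    return ports if all(1 <= p <= 65535 for p in ports) else None

def answer(line, conn_table, hide=False):
    """Reply as an ident server would. conn_table is a constructed stand-in for
    the kernel's TCP table: (port_on_server, port_on_client) -> local user.
    hide=True models a daemon configured to disclose no user names."""
    ports = parse_query(line)
    if ports is None:
        return line.strip() + " : ERROR : INVALID-PORT\r\n"
    prefix = "%d , %d" % ports
    if ports not in conn_table:
        return prefix + " : ERROR : NO-USER\r\n"
    if hide:
        return prefix + " : ERROR : HIDDEN-USER\r\n"
    return prefix + " : USERID : UNIX : " + conn_table[ports] + "\r\n"

def parse_reply(line):
    """Parse a reply into a dict, or None if malformed. The user-id is whatever
    the answering host chose to send; nothing in the protocol authenticates it."""
    fields = line.rstrip("\r\n").split(":", 3)
    ports = parse_query(fields[0])
    if ports is None or len(fields) < 3:
        return None
    kind = fields[1].strip()
    if kind == "ERROR" and len(fields) == 3:
        return {"ports": ports, "error": fields[2].strip()}
    if kind == "USERID" and len(fields) == 4:
        # Whitespace is stripped here for display; user-ids may contain ':'.
        return {"ports": ports, "opsys": fields[2].strip(), "user": fields[3].strip()}
    return None

if __name__ == "__main__":
    table = {(6193, 23): "alice"}  # constructed sample connection
    for q in ("6193, 23\r\n", "6193, 25\r\n", "foo\r\n"):
        print(repr(q), "->", repr(answer(q, table)))
    print(parse_reply(answer("6193, 23\r\n", table)))
    print(parse_reply(answer("6193, 23\r\n", table, hide=True)))
```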