> > I am setting up a firewall for our mail server, and intend to block all ports,
> > save those required for sendmail to work , which ones should i allow in.
>> smtp at tcp port 25.
Also either allow ident tcp port 113, or explicitly refuse connections to it.
Many servers will make an ident connection to you when you make an SMTP
connection to them, and won't allow the SMTP conversation to proceed until
they have got some sort of positive or negative response. If you drop these
packets silently, outgoing SMTP will have to wait until the remote end's ident
connection times out.
Dave
--
dave.wilson at heanet.ie ------------- DW238-RIPE ------------- +353-1-662-3412
For public key mail My opinions, not necessarily
davew+pgp at heanet.ie those of my employer
"Desmond takes Onomatopiates. He's a woof woof." -- "Metaphorazine", Jeff Noon
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
