On Tue, Sep 05, 2000 at 03:33:33PM +0100, Dave Wilson mentioned:
> > > I am setting up a firewall for our mail server, and intend to block all ports,
> > > save those required for sendmail to work , which ones should i allow in.
> > smtp at tcp port 25.
>> Also either allow ident tcp port 113, or explicitly refuse connections to it.
> Many servers will make an ident connection to you when you make an SMTP
> connection to them, and won't allow the SMTP conversation to proceed until
> they have got some sort of positive or negative response. If you drop these
> packets silently, outgoing SMTP will have to wait until the remote end's ident
> connection times out.
And let the DNS on the mail server go out!
The words of the unwary are apt to cause needless pain and bloody violence.
- Zen Master Greg
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!