Date: Fri, 22 Sep 2000 23:37:59 +0100
From: David Pick <D.M.Pick@qmw.ac.uk>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Neil Blakey-Milner <nbm@mithrandr.moria.org>, security@FreeBSD.ORG, Peter Wemm <peter@netplex.com.au>
Subject: Re: sendmail default run state
Message-ID: <E13cbSC-000Dyf-00@dialup-janus.css.qmw.ac.uk>
In-Reply-To: Your message of "Fri, 22 Sep 2000 13:11:51 PDT." <200009222012.e8MKCRF12785@cwsys.cwsent.com>

<much snipping>

> > > sendmail_enable="YES" # run the sendmail MTA
> > > sendmail_outboundonly_enable="YES" # don't listen for messages from the network

Hmm. Jumping into this half-way through, does this mean:

(1) outbound only
(2) not inbound

the difference being that in (2) a local MTA would be running and would
be allowed to accept messages from the local machine only. I've
implemented this by using IPFW to allow TCP calls to port 25 via the
loopback interface but not in from any "real" (real, tunnel, &c)
interface.

I feel (2) is more useful (but then, I would given what I do), but (1)
might be of interest to some people (no need to have sendmail/exim/qmail
listening).

> > > sendmail_queuetime="30" # time in minutes between re-trying queued items
> > > sendmail_flags="" # additional sendmail flags
> >
> > What do others think of this? (originally Peter's idea)
> >
> > I personally would really like 'sendmail_outbound_only="YES"' to be the
> > default in /etc/defaults/rc.conf, with an option in sysinstall's Network
> > Services for turning it on/off.

Agreed.

<much more snipping>

On a similar vein, I used to block incoming TCP connections to port 6000
(X) until I found a hint on this list that adding "-nolisten tcp" to the
server setup line in /usr/X11R6/lib/X11/xdm/Xservers was a much better
way to go. (I use SSH extensively ;-) In fact (IIRC) it was a message
from Cy!

--
David Pick
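The two states discussed in this message (SMTP reachable only over loopback, and X started with "-nolisten tcp") can be checked from the socket table. The following is an added example, not part of the original e-mail or of FreeBSD's rc scripts. The function name `exposed_listeners` and the sample table are constructed, and it assumes BSD-style `netstat -an` output in which the local address is written as address.port.

```shell
#!/bin/sh
# Added example: report TCP listeners on port 25 (SMTP) or 6000 (X11)
# that are bound to anything other than a loopback address.
# Input: BSD-style `netstat -an` text on stdin.
# Output: one "port address" line per exposed listener.

exposed_listeners() {
    awk '
        # Only TCP sockets in LISTEN state are of interest.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # BSD netstat joins address and port with a dot: split at the last one.
            if (match(local_addr, /\.[0-9]+$/) == 0) next
            port = substr(local_addr, RSTART + 1) + 0
            addr = substr(local_addr, 1, RSTART - 1)
            if (port != 25 && port != 6000) next
            # A loopback-only bind is the "local machine only" case.
            if (addr ~ /^127\./ || addr == "::1") next
            print port, addr
        }
    '
}

# Constructed sample (documentation addresses), not captured from a real host.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 *.6000                 *.*                    LISTEN
tcp4       0      0 127.0.0.1.25           *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp4       0      0 192.0.2.10.25          *.*                    LISTEN
tcp4       0      0 192.0.2.10.22          198.51.100.7.51515     ESTABLISHED'

# Typical use on a live host:
#   netstat -an | exposed_listeners
```

An empty result means neither port is listening on a non-loopback address. A packet filter such as the IPFW setup described in the message can still block a listener that this check reports, so the output shows bind state, not reachability.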