Lock down sendmail?
Robert Brockway
rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org
Fri Jan 28 17:54:00 UTC 2005
On Fri, 28 Jan 2005, William O'Higgins wrote:

> what I want. Basically, this is what I'm hoping for:
>
> ACCEPT: local mail only
> SEND: local mail only

When I need to do this I use a firewall. It's a Linux box right?
Configure iptables to REJECT any attempts to connect to tcp/25 in the
OUTPUT chain on the box itself.

This way no one fiddling with Sendmail in the future will accidentally
turn on sending again. Random admins are far less likely to fiddle with a
firewall (less know how, less think they know how, most realise the
consequences).

If you did want to do this with Sendmail you could try setting the
smarthost (DS) as localhost. I've never tried that.

I really recommend a firewall approach if viable.

> Also, is there a simple way to have sshd drop requests from selected
> IPs? This box has been up two days and it is already on some script
> kiddie's hit list. Thanks.

Sshd can be compiled with TCP Wrappers support which allows this
functionality. Even better is to again block access through the firewall.
Even better is to disable password access and only allow access through
public key.

Rob
--
Robert Brockway B.Sc.
Senior Technical Consultant, OpenTrend Solutions Ltd.
Phone: 416-669-3073 Email: rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org http://www.opentrend.net
OpenTrend Solutions: Reliable, secure solutions to real world problems.
Contributing Member of Software in the Public Interest (http://www.spi-inc.org)
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
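
The firewall approach from the reply above, as an added example that is not
part of the original post: it builds the REJECT rule for outbound tcp/25 and
DROP rules for selected sshd clients, and checks a ruleset for rule order.
Assumptions: the function names, the script name lockdown.sh, the sample
addresses, sshd on tcp/22 and the loopback exemption are not from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux iptables with the
# default filter chains and sshd listening on tcp/22.

# Constructed sample sources (RFC 5737 documentation ranges).
BLOCKED_SSH_SOURCES="192.0.2.10 198.51.100.0/24"

# Print an iptables-restore ruleset. $1: sources to drop on tcp/22.
build_rules() {
    echo "*filter"
    # Assumption: local submission reaches the MTA over loopback, so exempt lo.
    echo "-A OUTPUT -o lo -p tcp --dport 25 -j ACCEPT"
    # Any other outbound SMTP connection is refused at once.
    echo "-A OUTPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
    for src in $1; do
        echo "-A INPUT -s $src -p tcp --dport 22 -j DROP"
    done
    echo "COMMIT"
}

# Read a ruleset on stdin; succeed only if the first non-loopback OUTPUT rule
# for tcp/25 is REJECT or DROP (rule order decides the verdict).
smtp_locked_down() {
    awk '
        !seen && /^-A OUTPUT / && /--dport 25( |$)/ && !/ -o lo / {
            seen = 1
            ok = ($0 ~ /-j (REJECT|DROP)/)
        }
        END { exit !ok }
    '
}

# Load the rules only when asked to: sh lockdown.sh apply (as root).
if [ "${1:-}" = "apply" ]; then
    build_rules "$BLOCKED_SSH_SOURCES" | iptables-restore --noflush
fi
```

Because --noflush appends to whatever is already loaded, an older ACCEPT rule
can still sit ahead of the REJECT; piping iptables-save into smtp_locked_down
checks the live ruleset for that.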