Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,629
Postfix/master: How to close Port 25?
I want to secure my box but can't get port 25 closed. The Postfix/master process is listening here (as found out by "netstat -pantu" and "nmap").
I can't shut the service down entirely, since I need the mailed messages from the system. I tried /etc/postfix/main.cf, /etc/postfix/master, /etc/postfix/access but no luck there (changed the inet_interface to 127.0.0.1, nothing happened).
Where would be the config file, and what to change there?
BTW: This is a stand alone workstation, no chance for an external scan.
Well postfix needs to listen on something, so you can change port (I guess that doesn't help) or close port 25 to external parties using iptables or other firewall.
If it's truly a standalone workstation with no chance for an external scan, why do you care?
Original Poster
Quote:
Originally Posted by billymayday
Well postfix needs to listen on something, so you can change port (I guess that doesn't help) or close port 25 to external parties using iptables or other firewall.
No, I want to make it listen only to 127.0.0.1:25, I need the functionality ... in short; I want to close the port against external connection attempts. Firewall comes next additionally...
Quote:
Originally Posted by billymayday
If it's truly a standalone workstation with no chance for an external scan, why do you care?
What I meant is, I have no network (LAN). I connect the machine via 56k modem to the internet.
Original Poster
Quote:
Originally Posted by billymayday
Probably the default firewall
No, I toggled it on and off scanning repeatedly, ports changed between "closed" and "not available" (? if memory serves right), certainly not "listen"...
Listen just means some program is listening on a particular port - as you point out, a firewall can't listen in itself, it just directs traffic (including dropping it).
From what I can find, 0.0.0.0 is just the default gateway; exactly what that means is a little unclear to me but would seem to be purely local, and I suspect null.
The other setting in main.cf is inet_interfaces. If this is only set to localhost, then a portscan shouldn't find anything listening on port 25 of your network IP.
Original Poster
Doesn't work here. After following your suggestion I get:
Code:
linux:/home/me # netstat -pantu
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      5428/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7386/master
tcp        0      0 127.0.0.1:4153          127.0.0.1:25            TIME_WAIT   -
tcp        0      0 127.0.0.1:5018          127.0.0.1:631           TIME_WAIT   -
udp        0      0 0.0.0.0:631             0.0.0.0:*                           5428/cupsd
linux:/home/me # nmap -sV -v -p 0-65535 127.0.0.1
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-03-29 16:22 CEST
Initiating SYN Stealth Scan against localhost (127.0.0.1) [65536 ports] at 16:22
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
The SYN Stealth Scan took 12.97s to scan 65536 total ports.
Initiating service scan against 2 services on localhost (127.0.0.1) at 16:22
The service scan took 5.10s to scan 2 services on 1 host.
Host localhost (127.0.0.1) appears to be up ... good.
Interesting ports on localhost (127.0.0.1):
(The 65534 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE VERSION
25/tcp  open  smtp    Postfix smtpd
631/tcp open  ipp     CUPS 1.1.23
Nmap finished: 1 IP address (1 host up) scanned in 19.667 seconds
Raw packets sent: 65543 (2.62MB) | Rcvd: 131077 (5.24MB)
linux:/home/me #
And you'll notice netstat saying "port 25 LISTEN" and nmap saying "open port 25/tcp", so that blasted thing is open ...
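Added example, not part of the original thread: in netstat's Local Address column, a LISTEN socket on 127.0.0.1:25 accepts connections only over the loopback interface, while one on 0.0.0.0:631 accepts them on every interface, and a scan aimed at 127.0.0.1 reaches both. The sketch below sorts listeners by that bind scope; the function names classify_listeners and exposed_ports are hypothetical, and the sample input is three lines taken from the netstat output posted above.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -pant` output by bind address.
# SAMPLE: lines copied from the netstat output posted in the thread.
SAMPLE='tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 5428/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7386/master
tcp 0 0 127.0.0.1:4153 127.0.0.1:25 TIME_WAIT -'

# stdin: netstat -pant lines; stdout: "<scope> <port> <program>" per listener
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]                 # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        prog = $7
        sub(/^[0-9]+\//, "", prog)      # drop the "PID/" prefix
        if (host ~ /^127\./ || host == "::1")
            scope = "loopback-only"     # reachable from this machine only
        else if (host == "0.0.0.0" || host == "::" || host == "*")
            scope = "all-interfaces"    # reachable on every address
        else
            scope = "specific-address"  # bound to one non-loopback address
        print scope, port, prog
    }'
}

# stdin: netstat -pant lines; stdout: ports not restricted to loopback
exposed_ports() {
    classify_listeners | awk '$1 != "loopback-only" { print $2 }' |
        sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run on the sample; on a live system pipe in `netstat -pant`.
printf '%s\n' "$SAMPLE" | classify_listeners
```

For the sample, only cupsd on port 631 is bound to all interfaces; the Postfix master listener on port 25 is loopback-only.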