Old 12-09-2007, 07:33 AM   #1
chrisknight
/etc/hosts file question


I am following this guide:
http://www.redhat.com/magazine/025no...ail/index.html

The part where it states to:
Edit your hosts file.
Sendmail will make use of your /etc/hosts file, so you need to modify it so that mail is routed properly. Edit your /etc/hosts file and include a line that reads:
1.2.3.4 server1.mailjunkie.org
where 1.2.3.4 is the IP address that is assigned to you by your ISP.

My /etc/hosts file looks like this:
127.0.0.1 localhost.localdomain localhost
172.16.16.200 c3.mydomain.com c3
::1 localhost.localdomain localhost


Can I have 2 lines like this?:
172.16.16.200 c3.mydomain.com c3
65.256.myWAN.IP c3.mydomain.com

I have the 172.16.16.200 line there just as standard practice for my lan.


Thanks,
Chris
 
Old 12-09-2007, 07:57 AM   #2
trickykid
Actually by default you only need the loopback and localhost.

Code:
127.0.0.1    localhost.localdomain localhost
If you have proper DNS set up or are using your ISP's DNS servers, you don't need to modify this file, unless you have more than one machine on your local private LAN and are too lazy to set up your own DNS server for name resolution.
 
Old 12-09-2007, 01:46 PM   #3
chrisknight
OK, the DNS issue is resolved.

I have sendmail working and relaying mail via
define(`SMART_HOST', `my.isp.smtp.server')dnl
I also have dovecot working as a pop3 server.

I tested relaying with no username & no (pop) password and it appears to be open relaying.

If mail leaves my network on TCP 25 and comes in (pop3) on 110, and I never need to send mail from outside my LAN, could I just leave port 25 closed at the router and open 110 to my pop server for mail to come in?
Would that work?


Or should I disable open relaying altogether?

Thanks,
Chris

Last edited by chrisknight; 12-09-2007 at 01:48 PM.
 
Old 12-09-2007, 02:18 PM   #4
trickykid
Never ever have your MTA configured as an open relay. Never or you shall be shot for such things. Never I tell you. Close that open relay now unless you like to be called a spammer when spammers use your MTA to send everyone spam. Why are you still reading this, go close it already.
 
Old 12-09-2007, 03:11 PM   #5
chrisknight
Quote:
Originally Posted by trickykid
Never ever have your MTA configured as an open relay. Never or you shall be shot for such things. Never I tell you. Close that open relay now unless you like to be called a spammer when spammers use your MTA to send everyone spam. Why are you still reading this, go close it already.
I realize this. I had no intention of opening that server's port 25 to the internet.

Technically though, if I only have myself on a private LAN, could sending mail (smtp) and receiving mail (pop3) work if I ONLY open port 110 for incoming mail? ...& NOT open port 25 to the internet at all. My router will allow outbound traffic on port 25.

Now I have another issue though... I can't receive mail from the outside. I have port 110 open and an MX record pointing to my WAN IP. Is that correct?

I guess I need to research how to go about shutting off open relay if I'm going to leave this up & running.
What's your opinion on POP before SMTP?
http://spam.abuse.net/adminhelp/smPbS.shtml

Thanks,
Chris
 
Old 12-09-2007, 08:09 PM   #6
chrism01
An SMTP server listens on port 25, but sends from any non-reserved port above 1023.
In short, server software binds to a specified port (see /etc/services for IANA known ports), but clients send on any non-privileged port, i.e. above 1023, that is available, chosen randomly by the system (at least as far as the user is concerned).
 
Old 12-09-2007, 10:51 PM   #7
dkm999
So, to amplify what chrism01 said, in order to send and receive mail on the Internet, you need to have TCP port 25 open, and you either need to allow all unprivileged ports (1024:65535) to come and go unhindered, or (better) use iptables to permit ESTABLISHED connections and port 25 connections.

Mail sending and reception between your server and anyone else's server takes place over connections that begin on TCP port 25. Mail transfer between your server and your desktop (laptop?) machine occurs using the POP3 protocol on TCP port 110. Since (I presume) this transfer always takes place behind the firewall, you should not need to allow port 110 traffic through the firewall. (In fact, since POP3 uses plaintext passwords, I would argue that it should never be used over the public Internet; instead, use IMAP, which protects your passwords through a challenge/response scheme.)
 
Old 12-10-2007, 08:32 AM   #8
trickykid
You need port 25 open to receive email from the world. But turn off open relaying or restrict it to your network or servers, not to the world.

Port 110 is used for POP access. 143 is IMAP, which are both totally different than 25 for the MTA.

Think of it this way, the MTA using port 25 is the Post Office to route and deliver the mail. POP 110 or IMAP 143 is your legs that allow you to go check and retrieve your mail from the mailbox once it's been delivered.
 
Old 12-21-2007, 04:50 PM   #9
chrisknight
OK... I follow ya.

I upgraded the Fedora machine with a clean install of Fedora 8.
I guess open relaying on F8 is disabled by default.

If I followed the guide here:
http://www.redhat.com/magazine/025no...ail/index.html

Only I did not install MailScanner, SpamAssassin, and ClamAV.

...and I modified /etc/mail/access
to read:

connect:localhost.localdomain RELAY
connect:localhost RELAY
connect:127.0.0.1 RELAY
connect:172.16.16 RELAY

Is this all I need to do to disable open relaying?

Thanks,
Chris
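
The /etc/mail/access entries in the post above grant RELAY by connecting client address or name. As an added example (not part of any post in this thread), the script below audits such entries and marks any RELAY grant that reaches beyond loopback or RFC 1918 space. The function names and the 203.0.113 line are constructed for illustration; it assumes IPv4 keys only and that a dotted prefix such as 172.16.16 matches on octet boundaries.

```python
import ipaddress

# Constructed sample: the four entries from the post plus one public-range prefix.
SAMPLE_ACCESS = """\
connect:localhost.localdomain RELAY
connect:localhost RELAY
connect:127.0.0.1 RELAY
connect:172.16.16 RELAY
connect:203.0.113 RELAY
spammer.example REJECT
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Loopback plus the RFC 1918 private ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def prefix_to_network(key):
    """Convert a dotted IPv4 prefix of 1-4 octets (e.g. 172.16.16) to a network, else None."""
    parts = key.split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        return None
    padded = parts + ["0"] * (4 - len(parts))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(parts)))

def audit_relay_entries(text):
    """Return (key, verdict) for every RELAY entry keyed on the connecting client."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) != 2 or fields[1].strip().upper() != "RELAY":
            continue
        tag, sep, key = fields[0].partition(":")
        if not sep:                      # untagged entry: the whole field is the key
            tag, key = "", fields[0]
        if tag.lower() not in ("", "connect"):
            continue                     # From:/To: entries are out of scope here
        net = prefix_to_network(key)
        if net is not None:
            local = any(net.subnet_of(n) for n in LOCAL_NETS)
        else:
            local = key.lower() in LOCAL_NAMES
        findings.append((key, "local" if local else "review"))
    return findings

if __name__ == "__main__":
    for key, verdict in audit_relay_entries(SAMPLE_ACCESS):
        print("%-24s %s" % (key, verdict))
```

A "review" verdict means the entry lets clients outside the local ranges relay, or is keyed on a host name other than localhost; a short prefix such as 172 is reported this way because it covers far more than 172.16.0.0/12.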
 
  

