LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-11-2001, 11:03 AM   #1
adamrau
Member
 
Registered: Sep 2001
Posts: 42

Rep: Reputation: 15
How to prevent telneting to my mail server on port 25


Hi,
How do i prevent users from telneting to my mail server on port 25? Is there an ip chains command or something.
The reason that I want to do this is because I dont want people to know that im running sendmail/etc.
Thanks for your time in advance
Adam
 
Old 10-15-2001, 01:23 PM   #2
d3funct
Member
 
Registered: Jun 2001
Location: Centralia, WA
Posts: 274

Rep: Reputation: 31
Lightbulb

If you read the manpage for xinetd.conf (man xinetd.conf) you will see that there is an option to specify the port to which you can telnet. If you specify the port and it is defined in /etc/services and uncommented you will be able to telnet to it.
 
Old 10-17-2001, 12:05 AM   #3
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
[david@ccxxxxxx-x xinetd.d]$ pwd
/etc/xinetd.d
[david@xxxxxx-x xinetd.d]$ cat telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = yes
}


[david@ccxxxxxx-x xinetd.d]$ cat /etc/services | grep telnet
telnet 23/tcp
telnet 23/udp

Last edited by DavidPhillips; 10-17-2001 at 12:09 AM.
 
Old 10-18-2001, 02:38 PM   #4
zhenwu
Member
 
Registered: Jul 2001
Location: Taiwan (ex-Victoria BC)
Distribution: RH 9.0
Posts: 126

Rep: Reputation: 15
Personally, I think Telnet is a terrible service to have running, and therefore never allow it on my server. If you need to allow remote access, I'd suggest SSH, as it is a much more secure way of doing it.
 
Old 10-18-2001, 06:18 PM   #5
lsof
Member
 
Registered: Oct 2001
Distribution: red hat 7
Posts: 58

Rep: Reputation: 15
Re: How to prevent telneting to my mail server on port 25

Quote:
Originally posted by adamrau
Hi,
How do i prevent users from telneting to my mail server on port 25? Is there an ip chains command or something.
The reason that I want to do this is because I dont want people to know that im running sendmail/etc.
Thanks for your time in advance
Adam
i think you can't disable 'telnet' access to port 25. smtp is a text-based protocol - all commands issued along with the messages they generate are in plain text. i don't think there is a way to distinguish between a user connecting to port 25 and another mta.

i would also recommend the following changes in /etc/sendmail.cf if u already have not done so:

SmtpGreetingMessage=
Privacy Options=goaway
HelpFile=
 
Old 10-19-2001, 03:39 PM   #6
Griffon26
Member
 
Registered: Sep 2001
Location: The Netherlands
Distribution: Gentoo, Debian, Mandrake, LFS
Posts: 182

Rep: Reputation: 30
If you only want to use the service on localhost itself, then you can indeed use ipchains to block access.



I only have something for iptables here, but for ipchains it should be similar.



# accept everything coming in on the loopback device

iptables -A INPUT -i lo -j ACCEPT

# reject tcp:25 from anywhere else

iptables -A INPUT -p tcp --dport 25 -j REJECT

Make sure they're at the start of the chain.
 
Old 10-23-2001, 02:34 AM   #7
Tasha v71
Member
 
Registered: Oct 2001
Location: Cave Creek, AZ
Distribution: Red Hat v7.1 Seawolf Edition :)
Posts: 38

Rep: Reputation: 15
ok, so here i am on installing Linux for about the 10th time in 3 days... yay, gooo red hat wooooo

the first time i installed it, my internet access ran fine, but my vid card was shot... so i got a new one (Nvidia GEForce 2 w/ 32MB Ram btw) *grunt*grunt*grunt*

anyway... now i can't get online, i'm thinkin i didn't setup the netconfig properly, i think static is the one i want where i define the IP it always gets....

as i said earlier i'm typing from my Win2K machine connected via Linksys 4-port router/firewall.... what's the right config?
 
Old 10-24-2001, 10:44 PM   #8
DavidPhillips
LQ Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,163

Rep: Reputation: 58
what are you configuring?

ifconfig is the tool for setting up the ipaddress and netmask

route is used to set the default gateway

resolv©conf is where the dns servernanes go©

or use netcfg for a gui in X

or netconfig for some basic setups in a terminal

or you can edit the following files


/etc/sysconfig/network
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/resolv©conf


post the outputs of ifconfig and route -n here

change your numbers a bit so not to post the real ip or mac address
:-¤

also your isp and connection info

 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
telneting to a udp port. juanb Linux - Security 3 03-06-2013 02:30 PM
SENDMAIL - How to prevent telnet into my server on port 25 adamrau Linux - Software 4 04-19-2010 08:17 PM
is it possible to hack telneting at port 25? sagun_newbie Linux - Security 4 07-18-2004 07:55 PM
How to prevent X server from opening port 6000 glock19 Linux - General 5 05-23-2002 04:19 PM
How to prevent someone from telneting to my mail server on port 25 adamrau Linux - Security 2 10-11-2001 03:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration