OK, not Linux, but AIX and secure sendmail setup
The scenario:
Background:
Secure server running AIX in a DMZ. Has scripted cron jobs which monitor processes and notify admins if things go wrong via sendmail. Currently listening on default interface for port 25.
Issue:
Do not want sendmail to listen on port 25, or any for that matter. Only to be configured to send and flush queue.
Suggested solutions:
1) Run sendmail from loopback interface only. Add line DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA in /etc/sendmail.cf. This is currently done on secure Red Hat and FreeBSD servers without issue.
2) Configure sendmail for inetd process. Create sendmail script and place in inetd.d directory to force sendmail to run outbound only. Add cron "0,10,20,30,40,50 * * * * /usr/sbin/sendmail -q" to run and flush queue every 10 minutes. With this option sendmail will respond to port 25 when a request is made; however, it will not always be listening.
3) Implement both above solutions.
Request for comments:
Looking for suggestions as to best practice for the above scenario. I have and currently use option one on all of my servers without issue but thought I would get some feedback from the grey matter here on this board.
I suggest that you not run sendmail as a daemon at all, if it is not accepting incoming mail delivery. If your cron jobs are doing their job at keeping the mail queue moving, then it is not necessary to run sendmail as a daemon. Knowing nothing about AIX, I can't allude as to how to take it out of the init process. If it is SYSV based, there will be a script under /etc/init.d that you can simply remove the executable permission from and it will be disabled (but not deleted) from startup. From the language of your message, you are already familiar with all of this and I'm now asking myself, "why am I explaining this?". I hope this helps, good luck.
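A listener check for the setups discussed in this thread, added here as an example and not part of either post: it reads netstat -an text and flags any port-25 listener bound to something other than loopback. The sample netstat lines are constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Both functions read `netstat -an` text on stdin.
# On a live host: netstat -an | smtp_exposed && echo "port 25 reachable off-box"

# Print the local address of every TCP socket listening on port 25.
# Field 4 is the local address in AIX/BSD output ("*.25") and in Linux
# output ("0.0.0.0:25"); the separator before the port differs, so accept both.
smtp_listeners() {
    awk '$NF == "LISTEN" && $4 ~ /[.:]25$/ { sub(/[.:]25$/, "", $4); print $4 }'
}

# Exit 0 if any port-25 listener is bound to a non-loopback address, else 1.
# No listener at all (sendmail not running as a daemon) also counts as not exposed.
smtp_exposed() {
    smtp_listeners | grep -Ev '^(127\.[0-9.]+|::1)$' | grep -q .
}

# Constructed samples, not captured from a real host.
# Default setup from the post: listening on every interface (AIX/BSD format).
AIX_DEFAULT='tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'
# Option 1: DaemonPortOptions with Addr=127.0.0.1 (AIX/BSD format).
AIX_LOOPBACK='tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'
# Option 1 as it looks in Linux netstat output.
LINUX_LOOPBACK='tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN'
# No sendmail daemon at all; the queue is flushed from cron only.
NO_DAEMON='tcp4       0      0  *.22                   *.*                    LISTEN'

report() {  # $1 = label, $2 = netstat text
    if printf '%s\n' "$2" | smtp_exposed; then
        echo "$1: EXPOSED, port 25 bound to: $(printf '%s\n' "$2" | smtp_listeners | tr '\n' ' ')"
    else
        echo "$1: ok, no non-loopback listener on port 25"
    fi
}

report "default daemon" "$AIX_DEFAULT"
report "loopback only (AIX)" "$AIX_LOOPBACK"
report "loopback only (Linux)" "$LINUX_LOOPBACK"
report "no daemon, cron flush" "$NO_DAEMON"
```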