LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 03-27-2007, 03:11 AM   #1
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Rep: Reputation: Disabled
Postfix/master: How to close Port 25?


I want to secure my box but can't get port 25 closed. The Postfix/master process is listening here (as found out by "netstat -pantu" and "nmap").

I can't shut the service down entirely, since I need the mailed messages from the system. I tried /etc/postfix/main.cf, /etc/postfix/master, /etc/postfix/access but no luck there (changed the inet_interface to 127.0.0.1, nothing happened).

Where would be the config file, and what to change there?

BTW: This is a stand alone workstation, no chance for an external scan.

Any ideas?

Last edited by JZL240I-U; 03-27-2007 at 03:13 AM.
 
Old 03-27-2007, 03:46 AM   #2
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Well postfix needs to listen on something, so you can change port (I guess that doesn't help) or close port 25 to external parties using iptables or other firewall.

If it's truly a standalone workstation with no chance for an external scan, why do you care?
 
Old 03-27-2007, 07:15 AM   #3
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by billymayday
Well postfix needs to listen on something, so you can change port (I guess that doesn't help) or close port 25 to external parties using iptables or other firewall.
No, I want to make it listen only to 127.0.0.1:25, I need the functionality ... in short, I want to close the port against external connection attempts. Firewall comes next additionally...

Quote:
Originally Posted by billymayday
If it's truly a standalone workstation with no chance for an external scan, why do you care?
What I meant is, I have no network (LAN). I connect the machine via 56k modem to the internet.
 
Old 03-27-2007, 03:20 PM   #4
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
OK. Now I'm not very good at master.cf, but I think you can replace:

Code:
smtp      inet  n       -       n       -       -       smtpd
with

Code:
127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
 
Old 03-28-2007, 04:53 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Original Poster
Rep: Reputation: Disabled
Thank you, I'll try that.

BTW. I found a site which is doing network scans on one's own machine. Funny enough, port 25 seems to be closed from the outside ...
 
Old 03-28-2007, 05:03 AM   #6
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Probably the default firewall
 
Old 03-28-2007, 05:19 AM   #7
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Original Poster
Rep: Reputation: Disabled
Tried it. Results: mixed. From "netstat -pantu" I still have
Code:
...
tcp 0 0 127.0.0.1:25 0.0.0.0:25  LISTEN  Postfix/master
while
Code:
...
tcp 0 0 ::1:25 :::*  LISTEN  Postfix/master
is gone.

Now what the...
 
Old 03-29-2007, 02:29 AM   #8
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by billymayday
Probably the default firewall
No, I toggled it on and off scanning repeatedly, ports changed between "closed" and "not available" (? if memory serves right), certainly not "listen"...
 
Old 03-29-2007, 03:50 AM   #9
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Listen just means some program is listening on a particular port - as you point out, a firewall can't listen in itself, it just directs traffic (including dropping it).

From what I can find, 0.0.0.0 is just the default gateway, exactly what that means is a little unclear to me but would seem to be purely local, and I suspect null.

The other setting in main.cf is inet_interfaces. If this is only set to localhost, then a portscan shouldn't find anything listening on port 25 of your network IP.
 
Old 03-29-2007, 09:27 AM   #10
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Original Poster
Rep: Reputation: Disabled
Doesn't work here. After following your suggestion I get:
Code:
linux:/home/me # netstat -pantu
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      5428/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7386/master
tcp        0      0 127.0.0.1:4153          127.0.0.1:25            TIME_WAIT   -
tcp        0      0 127.0.0.1:5018          127.0.0.1:631           TIME_WAIT   -
udp        0      0 0.0.0.0:631             0.0.0.0:*                           5428/cupsd
linux:/home/me # nmap -sV -v -p 0-65535 127.0.0.1

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2007-03-29 16:22 CEST
Initiating SYN Stealth Scan against localhost (127.0.0.1) [65536 ports] at 16:22
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
The SYN Stealth Scan took 12.97s to scan 65536 total ports.
Initiating service scan against 2 services on localhost (127.0.0.1) at 16:22
The service scan took 5.10s to scan 2 services on 1 host.
Host localhost (127.0.0.1) appears to be up ... good.
Interesting ports on localhost (127.0.0.1):
(The 65534 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE VERSION
25/tcp  open  smtp    Postfix smtpd
631/tcp open  ipp     CUPS 1.1.23

Nmap finished: 1 IP address (1 host up) scanned in 19.667 seconds
               Raw packets sent: 65543 (2.62MB) | Rcvd: 131077 (5.24MB)
linux:/home/me #
And you'll notice netstat saying "port 25 LISTEN" and nmap saying "open port 25/tcp", so that blasted thing is open ...
 
Old 03-29-2007, 10:46 AM   #11
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
But only on localhost, so where's the issue?
 
Old 03-30-2007, 01:06 AM   #12
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,637

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by billymayday
But only on localhost, so where's the issue?
The issue? I'm blinded by my own wishes, obviously. That is exactly what I wanted to achieve. Thank you for helping and your patience.

And now for CUPS...
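
The point the thread arrives at is that a LISTEN socket bound to 127.0.0.1 or ::1 accepts connections only from the machine itself, while one bound to 0.0.0.0 accepts them on every interface. The following is an added example, not part of any post, that sorts `netstat -pantu` rows by bind address; the function names are hypothetical and the sample rows are the ones shown in post #10.

```shell
#!/bin/sh
# Added example: classify listening sockets in `netstat -pantu` output by
# the address they are bound to. Function names are hypothetical.

# Sample input: the netstat rows from post #10 of this thread.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      5428/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      7386/master
tcp        0      0 127.0.0.1:4153          127.0.0.1:25            TIME_WAIT   -
tcp        0      0 127.0.0.1:5018          127.0.0.1:631           TIME_WAIT   -
udp        0      0 0.0.0.0:631             0.0.0.0:*                           5428/cupsd
EOF
}

# Reads netstat output on stdin and prints one line per server socket:
#   <scope> <proto> <local address> <pid/program>
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP: only rows in state LISTEN are servers (skips TIME_WAIT etc.).
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        # UDP has no LISTEN state; an unconnected socket has a wildcard peer.
        if ($1 ~ /^udp/ && $5 !~ /:\*$/) next
        host = $4
        sub(/:[0-9*]+$/, "", host)          # drop the trailing :port
        if (host ~ /^127\./ || host == "::1")
            scope = "loopback-only"         # reachable from this machine only
        else if (host == "0.0.0.0" || host == "::")
            scope = "all-interfaces"        # reachable on every interface
        else
            scope = "specific-address"      # bound to one non-loopback address
        print scope, $1, $4, $NF
    }'
}

sample_netstat | classify_listeners
```

On a live system, pipe `netstat -pantu` into `classify_listeners`; rows marked `all-interfaces` or `specific-address` are the ones that need a bind-address change or a firewall rule.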
 
  

