LinuxQuestions.org


chrisknight 12-09-2007 07:33 AM

/etc/hosts file question
 
I am following this guide:
http://www.redhat.com/magazine/025no...ail/index.html

The part where it states to:
Edit your hosts file.
Sendmail will make use of your /etc/hosts file, so you need to modify it so that mail is routed properly. Edit your /etc/hosts file and include a line that reads:
1.2.3.4 server1.mailjunkie.org
where 1.2.3.4 is the IP address that is assigned to you by your ISP.

My /etc/hosts file looks like this:
127.0.0.1 localhost.localdomain localhost
172.16.16.200 c3.mydomain.com c3
::1 localhost.localdomain localhost


Can I have 2 lines like this?:
172.16.16.200 c3.mydomain.com c3
65.256.myWAN.IP c3.mydomain.com

I have the 172.16.16.200 line there just as standard practice for my lan.


Thanks,
Chris

trickykid 12-09-2007 07:57 AM

Actually by default you only need the loopback and localhost.

Code:

127.0.0.1    localhost.localdomain localhost

If you have proper DNS set up or are using your ISP's DNS servers, you don't need to modify this file, unless you have more than one machine on your local private LAN and are too lazy to set up your own DNS server for name resolution.

chrisknight 12-09-2007 01:46 PM

OK, The DNS issue is resolved.

I have sendmail working and relaying mail via
define(`SMART_HOST', `my.isp.smtp.server')dnl
I also have dovecot working as a pop3 server.

I tested relaying with no username & no (pop) password and it appears to be open relaying.

If mail leaves my network on TCP 25 and comes in (pop3) on 110, and I never need to send mail from outside my LAN, could I just leave port 25 closed at the router and open 110 to my pop server for mail to come in?
Would that work?


Or should I disable open relaying altogether?

Thanks,
Chris

trickykid 12-09-2007 02:18 PM

Never ever have your MTA configured as an open relay. Never or you shall be shot for such things. Never I tell you. Close that open relay now unless you like to be called a spammer when spammers use your MTA to send everyone spam. Why are you still reading this, go close it already.

chrisknight 12-09-2007 03:11 PM

Quote:

Originally Posted by trickykid (Post 2985182)
Never ever have your MTA configured as an open relay. Never or you shall be shot for such things. Never I tell you. Close that open relay now unless you like to be called a spammer when spammers use your MTA to send everyone spam. Why are you still reading this, go close it already.

I realize this. I had no intention of opening that server's port 25 to the internet.

Technically though, if I only have myself on a private LAN, could sending mail (smtp) and receiving mail (pop3) work if I ONLY open port 110 for incoming mail? ...& NOT open port 25 to the internet at all. My router will allow outbound traffic on port 25.

Now I have another issue though... I can't receive mail from the outside. I have port 110 open and an MX record pointing to my WAN IP. Is that correct?

I guess I need to research how to go about shutting off open relay if I'm going to leave this up & running.
What's your opinion on POP before SMTP?
http://spam.abuse.net/adminhelp/smPbS.shtml

Thanks,
Chris

chrism01 12-09-2007 08:09 PM

An SMTP server listens on port 25, but sends from any non-reserved port above 1023.
In short, server software binds to a specified port (see /etc/services for IANA known ports), but clients send on any non-privileged port, i.e. above 1023, that is available, chosen randomly by the system (at least as far as the user is concerned).

dkm999 12-09-2007 10:51 PM

So, to amplify what chrism01 said, in order to send and receive mail on the Internet, you need to have TCP port 25 open, and you either need to allow all unprivileged ports (1024:65535) to come and go unhindered, or (better) use iptables to permit ESTABLISHED connections and port 25 connections.

Mail sending and reception between your server and anyone else's server takes place over connections that begin on TCP port 25. Mail transfer between your server and your desktop (laptop?) machine occurs using the POP3 protocol on TCP port 110. Since (I presume) this transfer always takes place behind the firewall, you should not need to allow port 110 traffic through the firewall. (In fact, since POP3 uses plaintext passwords, I would argue that it should never be used over the public Internet; instead, use IMAP, which protects your passwords through a challenge/response scheme.)

trickykid 12-10-2007 08:32 AM

You need port 25 open to receive email from the world. But turn off open relaying or restrict it to your network or servers, not to the world.

Port 110 is used for POP access. 143 is IMAP, which are both totally different than 25 for the MTA.

Think of it this way, the MTA using port 25 is the Post Office to route and deliver the mail. POP 110 or IMAP 143 is your legs that allow you to go check and retrieve your mail from the mailbox once it's been delivered.

chrisknight 12-21-2007 04:50 PM

OK... I follow ya.

I upgraded the Fedora machine with a clean install of Fedora 8.
I guess open relaying on F8 is disabled by default.

If I followed the guide here:
http://www.redhat.com/magazine/025no...ail/index.html

Only I did not install MailScanner, SpamAssassin, and ClamAV.

...and I modified /etc/mail/access
to read:

connect:localhost.localdomain RELAY
connect:localhost RELAY
connect:127.0.0.1 RELAY
connect:172.16.16 RELAY

Is this all I need to do to disable open relaying?

Thanks,
Chris
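
An added example (not part of the thread, and not sendmail's own code): a simplified Python model of how the connect: entries in the post above are matched against a connecting client. It assumes keys match on whole IPv4 octets or whole domain labels, most specific first, and that only a RELAY value grants relaying; the function names are hypothetical.

```python
# Added example: simplified model of an access-map "connect:" lookup.
# Assumption: keys match whole IPv4 octets / whole domain labels only.

ACCESS_TEXT = """\
connect:localhost.localdomain RELAY
connect:localhost RELAY
connect:127.0.0.1 RELAY
connect:172.16.16 RELAY
"""  # the four entries quoted in the post above


def parse_access(text):
    """Return {lowercased key: action} from access-file text."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2:               # skip keys that have no value
            table[parts[0].lower()] = parts[1].strip()
    return table


def candidate_keys(client):
    """Lookup keys for an IPv4 address or hostname, most specific first."""
    parts = client.lower().rstrip(".").split(".")
    if all(p.isdigit() for p in parts):   # IPv4: drop trailing octets
        names = [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    else:                                 # hostname: drop leading labels
        names = [".".join(parts[n:]) for n in range(len(parts))]
    keys = []
    for name in names:                    # tagged entry before untagged one
        keys += ["connect:" + name, name]
    return keys


def relay_allowed(table, client_ip, client_name=None):
    """True if the client's name or address resolves to a RELAY entry."""
    for client in (client_name, client_ip):
        if client is None:
            continue
        for key in candidate_keys(client):
            if key in table:
                if table[key].upper() == "RELAY":
                    return True
                break                     # most specific match decides
    return False
```

Under this model 172.16.16.200 may relay while 172.16.160.5 and any outside address may not, and a broader key such as connect:172 would also cover public addresses that begin with 172.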


All times are GMT -5.