/etc/hosts file question
I am following this guide:
http://www.redhat.com/magazine/025no...ail/index.html

The part where it states to:

Edit your hosts file. Sendmail will make use of your /etc/hosts file, so you need to modify it so that mail is routed properly. Edit your /etc/hosts file and include a line that reads:

1.2.3.4 server1.mailjunkie.org

where 1.2.3.4 is the IP address that is assigned to you by your ISP.

My /etc/hosts file looks like this:

127.0.0.1 localhost.localdomain localhost
172.16.16.200 c3.mydomain.com c3
::1 localhost.localdomain localhost

Can I have 2 lines like this?:

172.16.16.200 c3.mydomain.com c3
65.256.myWAN.IP c3.mydomain.com

I have the 172.16.16.200 line there just as standard practice for my LAN.

Thanks,
Chris
Actually by default you only need the loopback and localhost.
Code:
127.0.0.1 localhost.localdomain localhost
OK, the DNS issue is resolved.

I have sendmail working and relaying mail via define('smarthost'), ('my.isp.smtp.server'). I also have dovecot working as a pop3 server. I tested relaying with no username & no (pop) password and it appears to be open relaying.

If mail leaves my network on TCP 25 and comes in (pop3) on 110, and I never need to send mail from outside my LAN, could I just leave port 25 closed at the router and open 110 to my pop server for mail to come in? Would that work? Or should I disable open relaying altogether?

Thanks,
Chris
Never ever have your MTA configured as an open relay. Never or you shall be shot for such things. Never I tell you. Close that open relay now unless you like to be called a spammer when spammers use your MTA to send everyone spam. Why are you still reading this, go close it already.
Quote:
Technically though, if I only have myself on a private LAN, could sending mail (smtp) and receiving mail (pop3) work if I ONLY open port 110 for incoming mail? ...& NOT open port 25 to the internet at all. My router will allow outbound traffic on port 25.

Now I have another issue though... I can't receive mail from the outside. I have port 110 open and an MX record pointing to my WAN IP. Is that correct?

I guess I need to research how to go about shutting off open relay if I'm going to leave this up & running. What's your opinion on POP before SMTP? http://spam.abuse.net/adminhelp/smPbS.shtml

Thanks,
Chris
An smtp server listens on port 25, but sends from any non-reserved port above 1023.
In short, server sw binds to a specified port (see /etc/services for IANA known ports), but clients send on any non-priv port, i.e. above 1023, that is avail, chosen randomly by the system (at least as far as user is concerned).
So, to amplify what chrism01 said, in order to send and receive mail on the Internet, you need to have TCP port 25 open, and you either need to allow all unprivileged ports (1024:65535) to come and go unhindered, or (better) use iptables to permit ESTABLISHED connections and port 25 connections.
Mail sending and reception between your server and anyone else's server takes place over connections that begin on TCP port 25. Mail transfer between your server and your desktop (laptop?) machine occurs using the POP3 protocol on TCP port 110. Since (I presume) this transfer always takes place behind the firewall, you should not need to allow port 110 traffic through the firewall. (In fact, since POP3 uses plaintext passwords, I would argue that it should never be used over the public Internet; instead, use IMAP, which protects your passwords through a challenge/response scheme.)
You need port 25 open to receive email from the world. But turn off open relaying or restrict it to your network or servers, not to the world.
Port 110 is used for POP access. 143 is IMAP, which are both totally different than 25 for the MTA. Think of it this way, the MTA using port 25 is the Post Office to route and deliver the mail. POP 110 or IMAP 143 is your legs that allow you to go check and retrieve your mail from the mailbox once it's been delivered.
OK... I follow ya.
I upgraded the Fedora machine with a clean install of Fedora 8. I guess open relaying on F8 is disabled by default.

If I followed the guide here: http://www.redhat.com/magazine/025no...ail/index.html
Only I did not install MailScanner, SpamAssassin, and ClamAV.

...and I modified /etc/mail/access to read:

connect:localhost.localdomain RELAY
connect:localhost RELAY
connect:127.0.0.1 RELAY
connect:172.16.16 RELAY

Is this all I need to do to disable open relaying?

Thanks,
Chris
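For the /etc/mail/access question in the last post, here is an added example (not part of the thread, and not sendmail's own code) that audits which client addresses a set of RELAY entries actually covers. The function names are hypothetical, the last three sample entries are constructed, and it assumes IPv4 keys matched on octet boundaries, with untagged keys treated like Connect: keys.

```python
import ipaddress

# Loopback plus the RFC 1918 ranges: where a LAN-only relay rule should stay.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# First four entries are from the post above; the rest are constructed.
SAMPLE = """\
connect:localhost.localdomain RELAY
connect:localhost RELAY
connect:127.0.0.1 RELAY
connect:172.16.16 RELAY
connect:172 RELAY
connect:203.0.113 RELAY
To:example.org RELAY
"""


def key_to_network(key):
    """Map a key of 1 to 4 dotted octets to a network; None for host names."""
    octets = key.split(".")
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network("%s/%d" % (".".join(padded), 8 * len(octets)))


def audit_access(text):
    """Return (key, verdict) for each RELAY entry keyed on the connecting client."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[1].upper() != "RELAY":
            continue
        tag, sep, key = fields[0].rpartition(":")
        if sep and tag.lower() != "connect":
            continue  # To:/From: (and IPv6) keys are outside this check
        net = key_to_network(key)
        if net is None:
            verdict = "name"      # outcome depends on how the client resolves
        elif any(net.subnet_of(i) for i in INTERNAL):
            verdict = "internal"
        else:
            verdict = "public"    # prefix reaches addresses outside the LAN
        findings.append((key, verdict))
    return findings
```

Any entry reported as "public" is a relay rule that reaches beyond loopback and private address space; a one-octet key such as 172 is the typical way that happens by accident.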