Red Hat: This forum is for the discussion of Red Hat Linux.
xinetd has nothing to do with smtp, why did you think it did?
you can't (easily) block access from a telnet client to any tcp port, i guess you're not really clear on what the use of telnet in that situation is. telnet in itself is an extremely simple client, which does virtually nothing. the only slightly "clever" bit is the server which spawns a login shell on the telnet port when connected to it. as the client is so simple, it can be used in many different ways to troubleshoot servers and network connectivity. it basically just allows a human user to interact with whatever service is connected to a tcp port. when used in this way, it's really *not* telnet at all, just a pipe to a tcp port.
as you're hopefully aware telnet is regarded as a huge security risk, and i'd assume that's why you wish to stop it here, but the risk is actually the use of the client and the server and the way a login session works across the two, not the client itself at all.
basically don't try to block it, there's no point and i'm not really even sure it's possible as telnet clients don't really identify themselves in any way at all on connection, they just send whatever keypresses you make and show you what the server replies with, hence its many, many uses debugging smtp, http, etc...
You can't stop it as far as I know, and there is nothing unsafe about people using a telnet client to access your mail server. It's the telnet server which is unsafe and you are shutting that down with xinetd.
What I am trying to do is restrict access to that. In other words, I do not want anyone using telnet to connect to the SMTP server. So my question remains, how do I do this? Setting in qmail-smtp? Firewall settings? Shutting down xinetd?
did you not read what i wrote?? I'm a network architect, i spend all day working with ethernet and tcp/ip. i know what the issues are here, and going by your reply you really don't understand your own question. maybe if you wish to keep pursuing this, actually give a reason as to why you think this is a bad thing to do.
If your SMTP service is an open relay, anyone can use your SMTP server to send mail. To resolve this we need to change the relay to a closed relay. If you do it like this, you can safeguard your SMTP server, and all of them can get a response from port 25, but they can't use your service to send mail without authorization.
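An added example, not part of any post in this thread: a toy SMTP listener on loopback that records everything it receives, driven once by a bare TCP socket (which is all a telnet client is on port 25) and once by Python's `smtplib`. The domains, addresses and the `553` reply text are constructed for the demonstration; the listener is a stand-in, not qmail.

```python
import smtplib, socket, socketserver, threading

LOCAL_DOMAINS = {"example.org"}  # constructed: domains this server accepts mail for
seen = []                        # one list of received command lines per session

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        seen.append(log := [])
        self.wfile.write(b"220 mail.example.org ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            log.append(line.upper())  # all the server ever learns about the client
            verb = line[:4].upper()
            if verb == "QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            domain = line.rstrip(">").rpartition("@")[2].lower()
            denied = verb == "RCPT" and domain not in LOCAL_DOMAINS  # closed relay
            reply = "553 relaying denied" if denied else "250 ok"
            self.wfile.write(reply.encode() + b"\r\n")

def raw_client(port, typed):  # what telnet does: open TCP, send lines, read replies
    with socket.create_connection(("127.0.0.1", port)) as s, s.makefile("rb") as f:
        f.readline()  # 220 greeting
        replies = []
        for text in typed:
            s.sendall(text.encode() + b"\r\n")
            replies.append(f.readline().decode().strip())
    return replies

def mail_client(port, rcpt):  # a real SMTP library issuing the same commands
    with smtplib.SMTP("127.0.0.1", port, local_hostname="client.example") as c:
        c.ehlo()
        c.mail("a@client.example")
        return c.rcpt(rcpt)[0]  # QUIT is sent when the with-block exits

def run_demo():
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), Handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        port = srv.server_address[1]
        typed = ["EHLO client.example", "MAIL FROM:<a@client.example>",
                 "RCPT TO:<user@elsewhere.example>", "QUIT"]
        replies = raw_client(port, typed)
        code = mail_client(port, "user@elsewhere.example")
        srv.shutdown()
    return seen[-2], seen[-1], replies, code

if __name__ == "__main__":
    print(run_demo())
```

Both sessions leave identical command logs on the server, so there is nothing to filter "telnet" on; the protection comes from the relay check at `RCPT`, which refuses the foreign recipient for both clients.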