smtp port needs to be open right??


cotfessi
02-02-2001, 08:58 PM
ok... this may be a really stupid question, but here it goes anyway.

I've posted a few questions about firewalling in the past few days and I have gotten some really great help. But there is one thing I'm not sure of. I have a fully functional SMTP running on port 25. At this point is there anything that can be done to this port? IPChains only gives me the option to REJECT, DENY, ACCEPT. Obviously if I use one of the first two I won't get any email, right? So that leaves ACCEPT.

I guess my question is this: Are hackers looking for say a port 25 that doesn't have something like SMTP running and that isn't closed by IPCHAINS?

thanks for the help,
-cotfessi

X_console
02-02-2001, 09:08 PM
No, I don't think anyone is looking for something other than smtp on 25. If you're running Sendmail, you should switch off the "expn" and "vrfy" commands though. This can be done by searching for the following line:

O PrivacyOptions=authwarnings

Now make it look like this:

O PrivacyOptions=authwarnings,novrfy,noexpn

And then restart Sendmail. You're one step safer now... the next step is to constantly keep updated with Sendmail.
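
A check for the PrivacyOptions change described in the post above, as an added example that is not part of the original thread. The function name `privacy_missing` and the sample file are made up for illustration; it assumes the long-form option line and treats sendmail's `goaway` shorthand as covering both flags.

```shell
#!/bin/sh
# Added example: audit a sendmail.cf for the novrfy/noexpn hardening.
# privacy_missing FILE prints each flag that is still missing, one per
# line, and prints nothing when VRFY and EXPN are both disabled.
privacy_missing() {
    awk '
        # Option lines begin with the letter O; a line typed with the
        # digit zero is not an option line and is deliberately not matched.
        /^O[ \t]+PrivacyOptions[ \t]*=/ {
            sub(/^O[ \t]+PrivacyOptions[ \t]*=[ \t]*/, "")
            n = split(tolower($0), flags, /[ \t,]+/)
            for (i = 1; i <= n; i++) have[flags[i]] = 1
        }
        END {
            # goaway is the shorthand that includes novrfy and noexpn.
            if (!("novrfy" in have) && !("goaway" in have)) print "novrfy"
            if (!("noexpn" in have) && !("goaway" in have)) print "noexpn"
        }
    ' "$1"
}

# Constructed sample input, not a real configuration file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample for the example
O PrivacyOptions=authwarnings,novrfy
EOF
echo "still missing: $(privacy_missing "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

Point it at the real configuration file after editing and before restarting Sendmail; empty output means both commands are switched off.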

plasmid
02-02-2001, 09:21 PM
If you are worried about security on port 25, switch to qmail. It's probably the most secure mail server out there as well as the best functioning.

-plasmid

cotfessi
02-02-2001, 09:25 PM
So am I to understand that when you leave a port open, say 25 for SMTP or 80 for the http, you are only relying on the security contained within the application/daemon running on that port?

The King Ant
02-02-2001, 10:12 PM
Yes cotfessi, that is correct. Lots of little daemons and stuff (telnet, ftp) are called by tcp wrappers and they check the /etc/hosts.allow and /etc/hosts.deny files. http, ssh, and smtp usually have their own daemon that doesn't refer to the hosts files.

You may be able to block the SMTP port from all outside connections. It depends on how your mail is set up. SMTP is used for sending and receiving mail from other places. You can still allow access for sending mail directly from your computer.

If you closed off port 25 with your firewall, you would only be stopping incoming SMTP connections. It's not likely that you're running a mail server with your own domain name... so the only thing I can think of that would be affected is maybe fetchmail or procmail.

In summary, if you're not using fetchmail or procmail, you should be able to block the SMTP port without any problems. If you are using fetchmail or procmail, you'll have to look into it (man pages).

Either way, try sending and receiving mail after you block it.

bdg1983
02-02-2001, 10:47 PM
Hmmmm.

I seriously doubt whether you even need to be running a mail server. Don't fall into the common misconception that you won't be able to send and receive mail if you don't have a mail server running. All this means is that you won't be able to use YOUR computer to send mail. SMTP server handles all the outgoing mail or forwarded mail from your computer. This runs on port 25. For incoming mail, a pop3 server is usually used and this runs on port 113 iirc.

I am still completely able to send and receive mail from my email address, I'm just not using my computer as the server to do it for a couple of reasons.

1. It's an unnecessary security risk considering that I don't really need the functionality.

2. I can still get access to my mail perfectly using an email program and a remote server, so why bother?

3. Mail programs like sendmail can be pretty tricky to configure properly.

The King Ant
02-03-2001, 03:41 AM
Mail servers are used to deliver local mail also, such as cron reports, tripwire reports, etc. Running "pine" will access this mail.

Although you can probably live without this, it's probably already set up to deliver local mail without a problem, as long as you can access your local SMTP port from your local computer.

So blocking it from the outside should really be fine...

plasmid
02-03-2001, 11:50 AM
You may want to try out pmfirewall, it has a really easy setup of a decent firewall. It will allow you to block incoming activity from the internet to port 25, but allow internal mail to function normally. You will still be able to use fetchmail with this configuration too. Good Luck

-plasmid

cotfessi
02-03-2001, 01:51 PM
so you guys think that running external mail off your own machine is bad? I have a domain name pointing to my box, all of the correct MX, A, etc **** pointing to my IP address. I have exim working on my debian box.

My ISP does provide me with 1 email address, I just liked the freedom of having control over the whole email process, external and internal