[Techtalk] RH7.2 Server Question

Nils Philippsen nils at wombat.dialup.fht-esslingen.de
Thu Apr 25 07:53:56 EST 2002


Hi Samantha,

On Thu, 2002-04-25 at 01:31, Samantha wrote:
> On Wednesday 24 April 2002 03:14 pm, a magikal owl from Kai MacTane delivered 
> this message:
> > At 4/24/02 01:01 PM , Samantha wrote:
> > >--- Kai MacTane <kmactane at GothPunk.com> wrote:
> > > > Do you have some kind of firewalling set up?
> > >
> > >Yes, but it is set to allow telnet.
> >
> > The firewall distinguishes "telnet" by what port it's destined for. This
> > means it will only allow connections to port 23. To get it to allow
> > connections to ports 22 and 25, you'll need to set your firewall rules to
> > allow connections to smtp and ssh. (I'm not sure if your firewalling
> > software's UI does this by port number or by service name, so either "ssh"
> > and "smtp", or 22 and 25.)
> >
> > Basically, neither your firewall nor any other part of your server can tell
> > what particular client program is being used on the other end of the
> > connection; a telnet connection to port 25 looks just like a "real" SMTP
> > connection, except that it proceeds at human typing speed instead of
> > super-fast computer speed. Or, to look at it another way, a program
> > actually connects to an SMTP server by forming a telnet connection to it.
> >
> >                                                  --Kai MacTane
> 
> *nods* It is set to allow both ssh and smtp connections as well. I will 
> double check because I have a bad habit of misremembering the ways that I 
> actually set things, but I do distinctly remember setting it to allow 
> connections to those ports because I remember thinking how insecure but 
> doing it anyway.

What you're apparently running into is that sendmail in 7.2 by default
only accepts connections on the loopback interface:

--- 8< --- /etc/mail/sendmail.mc ---
[...]
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
[...]
--- >8 -----------------------------

To change it, you need to have the sendmail-cf package installed.

Copy /etc/mail/sendmail.mc to /usr/share/sendmail-cf/cf/, comment out
the DAEMON_OPTIONS line, "make sendmail.cf" and copy the new sendmail.cf
from /usr/share/sendmail-cf/cf/ to /etc/sendmail.cf. Restart sendmail.
Enjoy (hopefully ;-).

Nils
-- 
 Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg //
+49.7152.209647
nils at wombat.dialup.fht-esslingen.de / nils at redhat.de /
nils at fht-esslingen.de
        Ever noticed that common sense isn't really all that common?
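
A check for the setting described in the message above, as an added example that is not part of the original post: it reports whether an .mc file still restricts the daemon to loopback and produces a copy with that line commented out. The function names and the sample file are constructed for illustration; "all" relies on the mc comment's statement that removing the line lets sendmail accept mail over the network.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Write a constructed sendmail.mc fragment modelled on the excerpt above.
make_sample() {
    cat > "$1" <<'EOF'
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
EOF
}

# Print where the daemon configured in an .mc file will listen:
#   loopback   an active DAEMON_OPTIONS line binds to 127.x
#   addr:<ip>  an active line binds to some other address
#   all        no active line sets Addr= (per the mc comment, mail is then
#              accepted over the network)
mta_listen_scope() {
    # Drop m4 "dnl" comment lines first so the 127.0.0.1 mentioned in the
    # comment text, or a commented-out DAEMON_OPTIONS, is not counted.
    addr=$(sed -n "/^[[:space:]]*dnl/d; s/.*DAEMON_OPTIONS(.*Addr=\([^,' )]*\).*/\1/p" "$1" | head -n 1)
    case "$addr" in
        "")    echo "all" ;;
        127.*) echo "loopback" ;;
        *)     echo "addr:$addr" ;;
    esac
}

# Copy SRC to DST with the loopback-only DAEMON_OPTIONS line commented out,
# which is the edit step of the procedure (SRC itself is left untouched).
comment_out_loopback() {
    sed '/^[[:space:]]*DAEMON_OPTIONS(.*Addr=127\./s/^/dnl /' "$1" > "$2"
}

# Demonstration on the constructed sample only; no system file is read.
demo=$(mktemp -d)
make_sample "$demo/sendmail.mc"
echo "before: $(mta_listen_scope "$demo/sendmail.mc")"
comment_out_loopback "$demo/sendmail.mc" "$demo/sendmail.new.mc"
echo "after:  $(mta_listen_scope "$demo/sendmail.new.mc")"
rm -rf "$demo"
```

Pointing `mta_listen_scope` at the working copy of sendmail.mc before running "make sendmail.cf" confirms which interfaces the rebuilt configuration will expose.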