Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   Sendmail, localloop, and iptables -- should I be more paranoid? (http://www.linux-archive.org/centos/456021-sendmail-localloop-iptables-should-i-more-paranoid.html)

Robert Moskowitz 11-22-2010 02:11 PM

Sendmail, localloop, and iptables -- should I be more paranoid?
 
By default, sendmail only listens on the localloop:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

But by default to allow sendmail to even work the iptables entry is:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j
ACCEPT

Without this, sendmail can't even connect to localloop. But should I
handedit this line to something like:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -d 127.0.0.1
--dport 25 -j ACCEPT

And once you handedit iptables, you can't use the gnome firewall applet,
I suspect...



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 07:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.