Re: How To Set Up Mail-out-only System ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 11 Feb 2004 02:40:07 +0100,
Nick Boyce <nick@glimmer.demon.co.uk> wrote:
> Sorry if this is a dumb question ...
>
> I've just set up a "secure" (you know .. more than usual) Debian system,
> and want to arrange things so that it can send mail out when necessary
> (in case anything happens that it thinks I should know about) but is
> *not* constantly listening for incoming mail.
>
> Is there a best way of doing this ?
>
> The default Exim MTA is installed, and I've commented out the SMTP line
> from inetd.conf, but there is a /etc/init.d/exim startup script that
> comes with the Exim package, that has this :
>
> # Exit if exim runs from /etc/inetd.conf
> if [ -f /etc/inetd.conf ] && grep -q "^ *smtp" /etc/inetd.conf; then
>     exit 0
> fi
> [...]
> case "$1" in
>   start)
>     echo -n "Starting MTA: "
>     start-stop-daemon --start --pidfile /var/run/exim/exim.pid \
>         --exec $DAEMON -- -bd -q30m
>
> So one way or the other, Exim gets to listen.
>
> In exim.conf, there is
> # This will cause it to accept mail only from the local interface
> #local_interfaces = 127.0.0.1
> so I could set that option. Would that stop Exim from binding to the
> ethernet interface ?
>
> Should I just remove the S20exim symlink from rc?.d ?
> That seems a bit of a kludge. If this was NetBSD, I'd set something
> like "exim=no" in somewhere like rc.conf ... is there a Debian
> equivalent to that ?
>
> TIA for any advice.
> Nick Boyce
> Bristol, UK
>
>
Just firewall off port 25 from the network. Leave it visible internally
on the loopback, so you can still use it for a local MTA.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAKZC5d90bcYOAWPYRAtGyAJ9i9GnQhUa9RxtPuerpGbktsZzLtQCgmOGW
KVwsJnoPAF7pfFBNWbUPG8M=
=w2SY
-----END PGP SIGNATURE-----
--
Jim Richardson http://www.eskimo.com/~warlock
"We have to go forth and crush every world view that doesn't believe in
tolerance and free speech," - David Brin
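One way to check where port 25 is actually bound, as an added example that is not part of either post above: it reads a socket table in `/proc/net/tcp` format and lists the addresses with a listener on port 25. A firewall rule does not change what the daemon binds to, so with the firewall approach this check still reports `0.0.0.0` and the packet filter has to be verified separately. The function names and the sample table are constructed for illustration; IPv4 only, and a little-endian host is assumed for the address byte order.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample in /proc/net/tcp layout (columns shortened).
# $1 = hex local address the MTA is bound to.
sample_table() {
cat <<EOF
  sl  local_address rem_address   st tx_queue rx_queue
   0: $1:0019 00000000:0000 0A 00000000:00000000
   1: 00000000:0016 00000000:0000 0A 00000000:00000000
   2: 0100007F:0019 0100007F:C350 01 00000000:00000000
EOF
}

# Print the dotted-quad address of every LISTEN socket on TCP port 25.
# Reads a /proc/net/tcp style table on stdin.
smtp_listeners() {
    awk '
    function hex(s,   i, n) {          # portable hex-to-decimal
        n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
        return n
    }
    $4 == "0A" {                       # 0A = LISTEN; skips established sockets
        split($2, a, ":")
        if (a[2] != "0019") next       # 0x0019 = port 25
        # Address bytes are stored reversed on little-endian hosts.
        printf "%d.%d.%d.%d\n", hex(substr(a[1], 7, 2)), hex(substr(a[1], 5, 2)),
                                hex(substr(a[1], 3, 2)), hex(substr(a[1], 1, 2))
    }'
}

# Exit status 0 if any port 25 listener is bound outside 127.0.0.0/8.
smtp_exposed() {
    smtp_listeners | grep -qv '^127\.'
}

# Demo on the constructed table: default bind versus loopback-only bind.
for addr in 00000000 0100007F; do
    if sample_table "$addr" | smtp_exposed; then
        echo "$addr: port 25 is bound beyond loopback"
    else
        echo "$addr: port 25 is loopback-only or not listening"
    fi
done
```

On a live host, run `smtp_exposed < /proc/net/tcp` and check the exit status.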