Re: exim exposed to the internet
On Sun, Oct 12, 2003 at 17:12:43 +0200, David Fokkema wrote:
> So I decided to run eximconfig and upgraded my mail server to not use a
> smarthost. Works perfectly! I still have port 25 closed on my server,
> however. Can I just open it
Perhaps you should first ask yourself why you would want to have it open.
Is there a specific need for this system to receive mail from the outside
world using SMTP? If so, you need to have it open. If not, there is no
reason to give a cracker, or a piece of malware another potential point of
entry into your system.
> or are there things to worry about?
With a security hat on, there are always things to worry about. It's a
matter of degree. Exim has a very good security track record compared to
e.g. sendmail, but (potential) issues have been found and fixed (see
http://www.debian.org/security/2003/dsa-376).
I'm happily using exim3 and exim4 on woody and sid systems. Still, on
systems that don't need a full-blown MTA, I use ssmtp (as it is much smaller
and simpler) and on systems that need a more complete MTA but don't need to
receive mail, I use exim listening on localhost only.
HTH,
Ray
--
We do not worry about Microsoft developing Open Source applications. Their
revenue stream is based on a heroin addiction of selling ever more software.
Red Hat's Bob Young quoted in
http://www.theregister.co.uk/content/1/11321.html
Reply to: