
questions on ident, postfix & proftp



I've got a server set up to provide e-mail, web, and ftp services on the internet. I also run a masquerading/firewall box to protect an internal network (these are separate boxes). Both run Debian Woody (one is an Intel box, the other is a PowerPC box).

Ident questions
============
Going through the Securing Debian HOW-TO I don't see a specific mention either for or against running the ident service (either through inetd or standalone.) Is there a consensus about if this service is particularly useful or not?

Digging around on the internet, it mainly seems to be useful for IRC clients, although some mention is made that it can be useful for preventing users of your system from forging e-mail from your system. As far as security on the system itself, it appears mainly to be a point of DoS attacks; is this a valid evaluation? IRC clients won't be used from the server box, but machines on the internal network going through the firewall probably will. Is there a recommended way of setting ident up on a firewall? I've seen servers that provide proxying of ident requests for internal machines, or that respond with random responses; is one preferred over the other?

ProFTP question
============
The ProFTP Debian package config file (/etc/proftpd.conf) has the user/group options listed twice, once as root/root and the other as nobody/nogroup. Not sure if this is a security problem, but it is confusing. I removed the root/root settings. The service runs fine without them. Apologies if this is the wrong place to bring this up.

Postfix question
============
I have a laptop user who travels around, and I'd like to let them send mail through postfix using authenticated SMTP from anywhere on the internet (I like this better than the POP authentication == SMTP authentication, as it seems more secure). Reading through the sample configs, it looks like postfix provides this through SASL, but using it isn't recommended yet. Is there another way to securely provide authenticated SMTP?

Thanks,
Kevin van Haaren


