[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

questions on ident, postfix & proftp

I've got a server setup to provide e-mail, web, ftp services on the internet. I also run a masquerading/firewall box to protect an internal network (these are separate boxes). Both run Debian Woody (one is intel box, the other is a powerpc box.)

Ident questions
Going through the Securing Debian HOW-TO I don't see a specific mention either for or against running the ident service (either through inetd or standalone.) Is there a consensus about if this service is particularly useful or not?

Digging around on the internet it mainly seems to be useful for IRC clients although some mention is made that it can be useful for preventing users of your system from forging e-mail from your system. As far as security on the system itself it appears mainly to be a point of DoS attacks, is this a valid evaluation? IRC clients won't be used from the server box, but machines on the internal network going through the firewall probably will. Is there a recommended way of setting ident up on a firewall? I've seen servers that provide proxying ident requests for internal machines, or responding with random responses, is one preferred over the other?

ProFTP question
The ProFTP debian package config file (/etc/proftpd.conf) has the user/group options listed twice. Once as root/root and the other as nobody/nogroup. Not sure if this is a security problem but it is confusing. I removed the root/root settings. Service runs fine without. Apologies if this is the wrong place to bring this up.

Postfix question
I have a laptop user that travels around and I'd like to let them send mail through postfix using authenticated smtp from anywhere on the internet (I like this better than the pop authentication == smtp authentication, as it seems more secure). Reading through the sample configs it looks like postfix provides this through sasl but it isn't recommended using it yet. Is there another way to securely provide authenticated smtp?

Kevin van Haaren

Reply to: