
Re: running Exim with inetd / header rewrite



In article <3.0.5.16.19990215225018.099f2dea@maine.edu>,
Kenneth F. Ryder III <Kryder71@maine.edu> wrote:
[exim in inetd.conf]

>smtp   stream   tcp    nowait   root   /usr/sbin/tcpd     /usr/sbin/exim -bs 

I've got:

smtp stream tcp nowait mail /usr/sbin/tcpd /usr/sbin/exim -bs

i.e. I run exim as user "mail" rather than as root... (well, it works,
so I assume it's ok, and the less daemons running as root the
better...)

>I allowed smtp calls to port 25, fixed the problem (and I believe this is
>the secure and proper way to do this {yes/no?}) So what's the deal?  (I
>included some details about my system at the bottom of this letter that may
>help)

My /etc/hosts.allow includes:

ALL: LOCAL .sinshack arise.demon.co.uk
exim: .mail.demon.net

So, tcp wrappers will allow incoming connections from hostnames with
only one element (this is secure?) such as "localhost", hosts in my
local private network "sinshack", and from "arise.demon.co.uk" (my
Demon hostname).

Further, smtp connects are allowed from my ISP.

/etc/hosts.deny:
ALL: ALL

Everything else is a no-no :}

Sorry I can't help you with Exim's address rewriting, that's way over
my head...

SRH
-- 
Steve Haslam            Validation Engineer, ARM Limited, Cambridge, England
there's something cold in the way you touch me
it's just the feeling you'd be better without me                      [mesh]
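
How tcp wrappers would evaluate the hosts.allow and hosts.deny lines quoted in this message, as an added example that is not part of the original post. It implements only the ALL, LOCAL, leading-dot and exact-name patterns from hosts_access(5); the function names and the client host names in the demo are constructed for illustration.

```python
# Added example (not from the original message): a simplified hosts_access(5)
# evaluator covering only ALL, LOCAL, leading-dot suffixes and exact names.
HOSTS_ALLOW = """\
ALL: LOCAL .sinshack arise.demon.co.uk
exim: .mail.demon.net
"""
HOSTS_DENY = "ALL: ALL\n"


def parse(text):
    """Return [(daemon_list, client_list)] for each non-comment rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern == "all":
        return True
    if pattern == "local":        # any host name that contains no dot
        return "." not in host
    if pattern.startswith("."):   # domain suffix, e.g. .mail.demon.net
        return host.endswith(pattern)
    return host == pattern


def table_matches(text, daemon, host):
    return any(
        any(d == "ALL" or d == daemon for d in daemons)
        and any(client_matches(c, host) for c in clients)
        for daemons, clients in parse(text))


def access(daemon, host, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match grants access."""
    if table_matches(allow, daemon, host):
        return "allow"
    return "deny" if table_matches(deny, daemon, host) else "allow"


if __name__ == "__main__":
    # Constructed client names, standing in for what tcpd gets from a lookup.
    for d, h in [("exim", "printer"), ("exim", "punt-1.mail.demon.net"),
                 ("in.telnetd", "punt-1.mail.demon.net")]:
        print(d, h, access(d, h))
```

The LOCAL pattern is a purely textual test on the resolved name, so it is only as trustworthy as the name lookup that produced it.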

