Re: running Exim with inetd / headder rewrite
In article <[🔎] 3.0.5.16.19990215225018.099f2dea@maine.edu>,
Kenneth F. Ryder III <Kryder71@maine.edu> wrote:
[exim in inetd.conf]
>smtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/exim -bs
I've got:
smtp stream tcp nowait mail /usr/sbin/tcpd /usr/sbin/exim -bs
i.e. I run exim as user "mail" rather than as root... (well, it works,
so I assume it's ok, and the less daemons running as root the
better...)
>I allowed smtp calls to port 25, fixed the problem (and I believe this is
>the secure and proper way to do this {yes/no?}) So what's the deal? (I
>included some details about my system at the bottom of this letter that may
>help)
My /etc/hosts.allow includes:
ALL: LOCAL .sinshack arise.demon.co.uk
exim: .mail.demon.net
So, tcp wrappers will allow incoming connections from hostnames with
only one element (this is secure?) such as "localhost", hosts in my
local private network "sinshack", and from "arise.demon.co.uk" (my
Demon hostname).
Further, smtp connects are allowed from my ISP.
/etc/hosts.deny:
ALL: ALL
Everything else is a no-no :}
Sorry I can't help you with Exim's address rewriting, that's way over
my head...
SRH
--
Steve Haslam Validation Engineer, ARM Limited, Cambridge, England
there's something cold in the way you touch me
it's just the feeling you'd be better without me [mesh]
Reply to: