
NEWBIES, SMTP and SECURITY



I am a casual user of Debian. Just got a call from @home informing me that without my
knowledge, my computer was being used as a mail relay to send spam mail and that I was
responsible for the security to see that this didn't happen. It took me a few minutes
reading the Security Howto to see that I should look into inetd.conf. I had to figure out
that I should comment out smtp (not, of course, suggested by the howto). I am not a very
literate Linux user but have been around a while and I have to wonder what your usual
Newbie would have done since @home doesn't support Linux.  I have a few questions. 

1.  Why is smtp installed by default?  The typical user who uses Netscape apparently
doesn't need it. Perhaps it should be installed only with packages that need it, and security
problems addressed. 

2.  The Security Howto said that login, shell and exec should be disabled in inetd.conf
since they are extremely insecure.  I have no idea what they do but they were NOT
disabled in my install.  Did I somehow choose inadvertently to install an insecure system,
and if not, why are these there by default (and what do they do anyway)?

These are the kinds of things that give Linux a bad name.  If I am all wet and there are
good reasons for the default install, I would appreciate knowing what they are.  If not, why
haven't they been fixed a long time ago?
Albert Hurd
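
The check described in the message, as an added example that is not part of the original post: it lists which of smtp, login, shell and exec are still enabled in an inetd.conf and writes a copy with those entries commented out. The sample file and its server paths are constructed; login, shell and exec are the inetd names of the rlogin, rsh and rexec r-services.

```shell
#!/bin/sh
# Services named in the post: smtp (the mail relay) plus the BSD
# r-services login (rlogin), shell (rsh) and exec (rexec).
RISKY="smtp login shell exec"

# Print each risky service that is still enabled (not commented out).
enabled_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        ($1 in want) { print $1 }        # field 1 is the service name
    ' "$1"
}

# Emit a copy of the file with the risky entries commented out.
harden() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        NF > 0 && $1 !~ /^#/ && ($1 in want) { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample input, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# service socket proto flags  user server           args
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd      /usr/sbin/in.ftpd
smtp    stream  tcp  nowait  mail  /usr/sbin/sendmail  sendmail -bs
shell   stream  tcp  nowait  root  /usr/sbin/tcpd      /usr/sbin/in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd      /usr/sbin/in.rlogind
exec    stream  tcp  nowait  root  /usr/sbin/tcpd      /usr/sbin/in.rexecd
#talk   dgram   udp  wait    root  /usr/sbin/tcpd      /usr/sbin/in.talkd
EOF

echo "enabled before:"; enabled_risky "$sample"
harden "$sample" > "$sample.new"
echo "enabled after:";  enabled_risky "$sample.new"
```

On a real system the functions would be pointed at /etc/inetd.conf; inetd rereads its configuration when sent SIGHUP, so a changed file takes effect only after that signal or a restart.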