[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: exim exposed to the internet

On Sun, Oct 12, 2003 at 17:12:43 +0200, David Fokkema wrote:
> So I decided to run eximconfig and upgraded my mail server to not use a
> smarthost. Works perfectly! I still have port 25 closed on my server,
> however. Can I just open it

Perhaps you should first ask yourself why you would want to have it open.

Is there a specific need for this system to receive mail from the outside
world using SMTP? If so, you need to have it open. If not, there is no
reason to give a cracker, or a piece of malware another potential point of
entry into your system.

> or are there things to worry about?

With a security hat on, there are always things to worry about. It's a
matter of degree. Exim has a very good security track record compared to
e.g. sendmail, but (potential) issues have been found and fixed (see

I'm happily using exim3 and exim4 on woody and sid systems. Still, on
systems that don't need a full-blown MTA, I use ssmtp (as it is much smaller
and simpler) and on systems that need a more complete MTA but don't need to
receive mail, I use exim listening on localhost only.

We do not worry about Microsoft developing Open Source applications. Their
revenue stream is based on a heroin addiction of selling ever more software.
	Red Hat's Bob Young quoted in

Reply to: