Directory listing....
...I did a test of my network and found a few linux holes...can someone tell me how to find out about shutting off directory listings, because the test said my scripts directory is showing. And I am having trouble with relaying with qmail...I want it off totally, I just want people to get their pop3 mail and logoff. Any ideas?
hi mike,
I guess you mean that one can browse the directories of the webserver? Check
your httpd.conf or simply put an index.html in every directory. For further
information we need to know your exact configuration (which webserver, your
httpd.conf, etc.).
qmail doesn't do any relaying by default. check your rcpthosts file. for
further information on configuring qmail, check www.qmail.org and
http://www.lifewithqmail.org/ or, more specifically on relaying:
http://www.palomine.net/qmail/relaying.html ...
best regards
reto inversini
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Please don't crosspost between our lists, it's not very polite.
* Mike Garabedian (mikejr@emergyscorp.com) [020205 10:33]:
> ...I did a test of my network and found a few linux holes...can someone tell me how to find out about shutting off directory listings, because the test said my scripts directory is showing.
I assume you are talking about httpd scripts? Make the directory executable by the apache user but not readable and check Indexes directive for scripts directory..it should be -Indexes.
> And I am having trouble with relaying with qmail...I want it off totally, I just want people to get their pop3 mail and logoff.
List who is allowed to relay in /var/qmail/control/rcpthosts. If it's empty, no one can relay.
--
-ckm
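An added example, not part of the post above and not code from any participant: a shell audit that reads an Apache configuration and reports, for each `<Directory>` block, whether its own `Options` line enables `Indexes`. The sample configuration and its paths are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration: audit an Apache config for directory listings.

# Constructed sample configuration; the paths are made up.
sample_conf() {
cat <<'EOF'
<Directory "/srv/www/htdocs">
    Options Indexes FollowSymLinks
</Directory>
# scripts directory with listings switched off, as advised in the thread
<Directory "/srv/www/htdocs/scripts">
    Options -Indexes +ExecCGI
</Directory>
<Directory "/srv/www/htdocs/docs">
    AllowOverride None
</Directory>
EOF
}

# audit_indexes: read a config on stdin, print "<path> <verdict>" per block.
#   listing    Options names Indexes, +Indexes or All
#   no-listing an Options line exists and does not enable Indexes
#   inherited  no Options line; the parent directory's setting applies
audit_indexes() {
    awk '
    /^[ \t]*#/ { next }                               # skip comments
    tolower($1) == "<directory" {
        path = $2; gsub(/[">]/, "", path)
        verdict = "inherited"; inblock = 1; next
    }
    inblock && tolower($1) == "options" {
        verdict = "no-listing"
        for (i = 2; i <= NF; i++) {
            opt = tolower($i)
            if (opt == "indexes" || opt == "+indexes" || opt == "all")
                verdict = "listing"
            else if (opt == "-indexes")
                verdict = "no-listing"
        }
        next
    }
    inblock && tolower($1) == "</directory>" { print path, verdict; inblock = 0 }
    '
}

sample_conf | audit_indexes
```

A block reported as `inherited` still needs its parent checked: in the sample, `docs` has no `Options` line and sits under a directory that allows listings.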
Okay...let me go through the whole situation....as I am now having problems sending mail out...
People connect to a pop3 account on this network. This is how they get mail and send it. When I edit the rcpthosts file no one can send mail to anyone unless it is someone with the domain name listed in that file. I need to shut the relay off except for people that are part of my mail server with an account on it. Any ideas?
> People connect to a pop3 account on this network. This is how they get mail and send it. When I edit the rcpthosts file no one can send mail to anyone unless it is someone with the domain name listed in that file.
You can't send mail with POP3, POP3 is only for users to get their mail from the server. To send (and relay) mail, SMTP (software: sendmail) is used. Please try to re-formulate your question to get an appropriate answer.
Markus
--
Markus Gaugusch ICQ 11374583
markus@gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
okay...when I add the mail domain I am a part of to the rcpthosts file, I can no longer send mail to anyone outside of that, for instance, I am at john.com, if I edit the file I can no longer send anything to duke.edu. I want to be able to send mail anywhere from anywhere as long as I have a valid account on the system. How do I do it?
... check the qmail.org website, read the whole chapter about relaying, read
the newbies guide, read lifewithqmail, learn about smtp and pop3. you should
at least know the basics about the protocols and programs involved. smtp has
no method of user authentication, so you need to add that, e.g. by using
smtp after pop: first the user authenticates by creating a pop3 session,
then he/she is allowed to send mails through your server. but this method
has to be supported by your mailclient.
... but if you don't absolutely need that (because you have customers with
dynamic IPs from various ISPs), you should only allow the use of your smtp
server to send out mails from your local network.
best regards
reto inversini
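The relay decision this thread keeps circling, modelled as an added shell example (not part of any post and not qmail's own code): qmail-smtpd checks each recipient domain against rcpthosts unless the client has the RELAYCLIENT environment variable set, which a tcpserver rule normally does for trusted client addresses. The 192.168.1. network, the function names and the temporary file are assumptions; john.com and duke.edu are the thread's own examples.

```shell
#!/bin/sh
# Model of the per-recipient relay check in qmail-smtpd (added illustration,
# not qmail source code).
#
# In a real setup RELAYCLIENT is set per client IP by a tcpserver rule, e.g.
#   192.168.1.:allow,RELAYCLIENT=""     (constructed local network)
#   :allow
# so only hosts on the local network may send to outside domains.

# rcpt_allowed RCPT RCPTHOSTS_FILE RELAYCLIENT(yes|no) -> prints accept|reject
rcpt_allowed() {
    rcpt=$1; file=$2; relayclient=${3:-no}
    # A client marked with RELAYCLIENT bypasses rcpthosts entirely.
    if [ "$relayclient" = yes ]; then echo accept; return 0; fi
    # No rcpthosts file at all: every recipient domain is accepted (open relay).
    if [ ! -f "$file" ]; then echo accept; return 0; fi
    # Recipients without "@" are always let through.
    case $rcpt in *@*) ;; *) echo accept; return 0 ;; esac
    domain=$(printf '%s' "${rcpt##*@}" | tr 'A-Z' 'a-z')
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr 'A-Z' 'a-z')
        case $entry in
            '') ;;                                   # skip blank lines
            .*) case $domain in                      # ".example" = any subdomain
                    *"$entry") echo accept; return 0 ;;
                esac ;;
            *)  if [ "$domain" = "$entry" ]; then echo accept; return 0; fi ;;
        esac
    done < "$file"
    echo reject
}

# Constructed control file matching the thread's example: only john.com listed.
make_rcpthosts() {
    f=$(mktemp) && printf 'john.com\n' > "$f" && echo "$f"
}

demo() {
    f=$(make_rcpthosts)
    echo "outside client -> user@john.com : $(rcpt_allowed user@john.com "$f" no)"
    echo "outside client -> user@duke.edu : $(rcpt_allowed user@duke.edu "$f" no)"
    echo "local client   -> user@duke.edu : $(rcpt_allowed user@duke.edu "$f" yes)"
    echo "no rcpthosts   -> user@duke.edu : $(rcpt_allowed user@duke.edu /nonexistent/rcpthosts no)"
    rm -f "$f"
}
demo
```

The second and third lines of the demo output are the situation described in the thread: with only john.com in rcpthosts, mail to duke.edu is refused unless the sending client is one the server has been told to trust.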
On Tue, Feb 05, 2002 at 03:23:07PM -0500, Mike Garabedian wrote:
> okay...when I add the mail domain I am a part of to the rcpthosts file, I can no longer send mail to anyone outside of that, for instance, I am at john.com, if I edit the file I can no longer send anything to duke.edu. I want to be able to send mail anywhere from anywhere as long as I have a valid account on the system. How do I do it?
correct me where I am wrong.
a) you can setup some pop-before-relay, think there are some "patches" around for sendmail, postfix and qmail (or does one of them have native support?); don't remember the keyword to look up with google right now.
b) you can setup some authentication with the smtp protocol itself. I did normal smtp, not relaying anything to anybody, and additionally smtp tls, which _requires_ certificates I created myself; has the additional effect that users can sign (S/MIME) their mail (ok, almost nobody knows my CA). both done with postfix, nothing to do with pop. so everybody on the net can send email to my domain(s). but only users whom I certified can send/relay. they have to set this up in their favorite mail agent, which can be awesome, if they do not know what you are talkin 'bout, but at least the most common windos clients support it, iirc. and linux boxes do, too, though I set this up on a "single" user machine only (my home box), telling postfix to use thisnthat certificate when using tls with that specific relay, so I cannot say whether end user agents support this (they have to support direct smtp and tls with certificate).
c) you can do relaying from localhost only, then advise your users to use ssh to tunnel the ports to your mailserver. then you have to give them a valid shell, which may be a security risk. you can do it with key based authentication, no password, and forced command (sleep 600 or something).
d) there were at least two more options I cannot remember right now
hope it helps.
lars
Participants (5): Christopher Mahmood, l.g.e@web.de, Markus Gaugusch, Mike Garabedian, Reto Inversini