RE: [suse-security] Sendmail SMTP AUTH / SSL
On my box I have sendmail running. In order to use SMTP over SSL I run it with stunnel in inetd:
smtps stream tcp nowait root /usr/local/sbin/stunnel stunnel -D 3 -p /usr/local/ssl/certs/stunnel.pem -r smtp
Further I configured sendmail to use SMTP AUTH. Everything works perfectly.
But: smtps is on port 465. I configured my clients such that they use that port. So far so good. But now port 25 can still be used to send email. I could block it at the firewall but then I am not able to receive email any more, because other mailservers are talking with me on that port. (right?)
Is there a solution that I can use SMTP over SSL and SMTP AUTH? Clients should not be able to connect without SSL or SMTP AUTH!
Firewall it on the local machine; Linux has firewalling capabilities (ipchains in 2.2, iptables in 2.4).
No no, that's not the point. I could do that. But I thought that other mailservers (for example yours) are talking to my mailserver on that port 25. Isn't that right? So if I block that port, I won't receive any mails any more!
Raffy
Depends on your mail setup. SMTP AUTH is not designed to secure server to server transactions (but it can, you just have to share keys/etc somehow, same problem IPSec is facing). It is meant to secure client to server connections (where they have a shared secret, i.e. username/password), and depending on your mail setup you may want to block port 25.
-Kurt
Participants (2): Kurt Seifried, Raffy
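Added example, not part of the original thread or either poster's configuration: one way to get the client/server split described above inside sendmail itself is to give the stunnel-wrapped client traffic its own loopback listener that demands AUTH, while port 25 stays open for other mail servers but offers no AUTH. Port 10025 and the listener names are assumptions, and the `a`/`A` modifiers need a sendmail version that supports them.

```m4
dnl sendmail.mc fragment (added example; port 10025 and the Name= values
dnl are assumptions, not taken from the thread).
dnl
dnl Public listener on port 25: other mail servers deliver inbound mail here.
dnl M=A switches AUTH off on this port, so a client cannot authenticate
dnl (and send its password) over the unencrypted connection.
DAEMON_OPTIONS(`Port=smtp, Name=MTA, M=A')dnl
dnl
dnl Client listener: bound to loopback only, so it is reachable solely
dnl through the stunnel wrapper on port 465. M=a makes sendmail refuse
dnl MAIL until the client has completed SMTP AUTH.
DAEMON_OPTIONS(`Addr=127.0.0.1, Port=10025, Name=SSLMSA, M=a')dnl
```

The stunnel entry in inetd would then point at the loopback listener (`-r 127.0.0.1:10025`) instead of `-r smtp`.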