After months of working on it, I finally got my masqing working with a DHCP server running.
Now I want to turn it into a mail server.
I have accounts for the four members of my family already on the linux box. I have accounts with my ISP for them as well.
I think I have fetchmail on the system, but I don't think it is running (ps -ef | grep fetch gives nothing).
I know I have an imap mail server on the system, but it too is not running.
I have sendmail on the system. When I write an E-mail from within itself, it goes out fine. I tried setting up one of my Win95 PCs with the linux box as the SMTP server, but it puked with the error (using Outlook Express 5 as the mail client) when I sent a test message to myself:
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'jwaldack(a)kc.rr.com'. Subject 'Test', Account: 'Test Account', Server: 'mufasa', Protocol SMTP, Server Response: '550 jwaldack(a)kc.rr.com... relaying denied', Port: 25, Secure (SSL): No, Server Error: 550, Error Number: 0x800CCC79
mufasa is my linux box with two LAN cards (one gets IP from rr.com, the other is 192.168.1.1 to the hub where the PC I tried sending the E-mail from, also on the hub, is 192.168.1.11. mufasa is defined to it by c:\Windows\hosts file).
(BTW: sending an E-mail to jwaldack(a)mufasa.kc.rr.com works just fine from within the LAN)
Is there some place I can get additional information on fetchmail, imapd, and setting up sendmail to accept E-mail from other sources?
Thanks for your help in advance.
> I think that running NFS on a firewall is _never_ reasonable. I played a
Yes you're right, sorry my question must have sounded a bit stupid
without further info. My setup is rather small-scale: while I have
the computer at uni, I need NFS-access (both directions) over the local
ethernet. The university has border firewalls installed, any attack would
have to come from a (possibly hacked) machine inside. While I have the
machine at home, I have no ethernet, and definitely need any protection
I can get (ISPs are providing real internet service - in both directions,
i.e. everything open). Back at uni I thought it doesn't hurt to keep the
firewall setup running... And I can dialup as well while being at uni,
in which case I definitely want to close NFS ports to ppp0!
> A firewall with server functionality is a contradiction in itself
> and certainly not recommended.
True, but running firewals is better than not doing it...
So, is anyone able to give a port-range which is typically used by NFS?
Gerhard Sittig <Gerhard.Sittig(a)gmx.net> wrote:
> On Sat, Sep 02, 2000 at 12:21 +0200, Matthias Krawen wrote:
> > [ ... 111 for portmapper, 2049 for nfs ... ]
> Is this a "given" or is it just "observed many times and usually
> done so"?
This is "given". The portmapper must be found on its well-known port,
i.e. 111, to be useful. The nfsd can be configured to use another
port, but defaults to 2049.
> I'm not clear about how determined or fixed this
> knowledge is (and I thought the thread's originator watched NFS
> using different and mostly unpredictable ports).
There are some more daemons (e.g., mountd, statd, lockd) used by NFS,
and they use dynamically allocated ports. I.e., their port numbers are
not fixed and must be looked up at runtime via the portmapper.
Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik
eilert(a)informatik.uni-bremen.de - eilert(a)tzi.org - eilert(a)linuxfreak.com
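
The runtime lookup described in the message above, as an added example that is not part of the original post: a shell function that reads `rpcinfo -p` output and lists the ports the NFS-related services have registered, so the current values can be fed into packet filter rules. The `rpcinfo` listing is constructed sample data, and the function names and the fixed/default/dynamic labels are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    766  status
    100024    1   tcp    768  status
    100003    2   udp   2049  nfs
    100021    1   udp   1026  nlockmgr
    100021    3   udp   1026  nlockmgr
    100005    1   udp    635  mountd
    100005    2   udp    635  mountd
    100005    1   tcp    637  mountd
EOF
}

# Reads `rpcinfo -p` output on stdin and prints one line per unique
# "service proto port" triple, followed by how that port was chosen.
nfs_rpc_ports() {
    awk '
        # Skip the header and any line without a numeric port column.
        $4 !~ /^[0-9]+$/ { next }
        {
            svc = $5; proto = $3; port = $4 + 0
            # rpcinfo names: status is statd, nlockmgr is lockd.
            if (svc !~ /^(portmapper|nfs|mountd|status|nlockmgr)$/) next
            key = svc " " proto " " port
            if (seen[key]++) next   # one entry per RPC version; report once
            kind = "dynamic"        # allocated at start-up, changes between boots
            if (svc == "portmapper") kind = (port == 111) ? "fixed" : "unexpected"
            if (svc == "nfs") kind = (port == 2049) ? "default" : "configured"
            print key, kind
        }
    ' | LC_ALL=C sort
}

# On a live NFS server: rpcinfo -p | nfs_rpc_ports
sample_rpcinfo | nfs_rpc_ports
```

Only the `dynamic` lines need to be looked up again after a reboot or daemon restart; a filter rule written against last week's mountd port will silently stop matching.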
> Are you talking about MD5 sums in a list file on the FTP server?
> In that case this wouldn't make any sense: who is able to change
> the RPM packages, would be able to change the list file too...
Just one of the reasons why those MD5 sums are not so useful, which I
had argued a few times before on this list.
> > And perhaps this could then be PGP signed?
> Good point! I remember we had this topic here already, and IIRC
> They publish the MD5's in security announcements that are sent to
> Bugtraq/etc. These MD5 sums are available in many places, such as my weekly
Fine, but packages are updated on the ftp server for which there is never
any advisory. Yet another reason why those MD5s aren't so useful. They
would be if they were handled properly, but that is very unlikely
> I seem to remember that too. In any case I'll be doing a review of it when it
> comes out and they'll be roasted (just like I did Debian =) if packages are
> not signed.
Turn your oven on:
> Date: Sun, 06 Aug 2000 22:43:12 +0200 (MEST)
> From: Roman Drahtmueller <draht(a)suse.de>
> Subject: Re: [suse-security] SuSE security reputation, etc..
> Cc: suse-security(a)suse.com
> > a waste of time anyway. USE GPG-SIGNING - NOW!
> Is on its way. But not for 7.0 any more - time was too tight.
On the other hand, I keep in mind that SuSE has, and solves, a large
pile of problems Red Hat simply doesn't have (e.g. languages). But I
strongly suggested that MD5s are useless and package signing a necessity
when 6.3 was hot off the press!!
I got that firewals packet filter thing going - which was a lot easier
than delving straight into ipchains! What I'd like to know is which
settings to use when I want to allow NFS exporting to the local trusted
network (the FW_SERVICES_INTERNAL variables). The ports involved seem to
be a little on the move?? Sorry if this was up before, but can someone
point me to some reasonable settings which work in practice?