AW: [suse-security] "Submission" port on sendmail
Hi Roman,
did I get something wrong? The sendmail in the example is listening on this port.
Marek

-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: Tuesday, 21 November 2000 15:33
To: RoMaN SoFt / LLFB!!
Cc: suse-security@suse.com
Subject: Re: [suse-security] "Submission" port on sendmail
emilio:~ # grep submission /etc/services
submission      587/tcp         # Submission
submission      587/udp         # Submission
It permits users to send or receive mail. Admin tasks are made through ssh and some logs are sent via syslog.
Why is sendmail opening "submission" port??? What is it intended for? Is it insecure??? Could I close it? How?
A port as such is never "insecure" (please don't prove me wrong...).
sendmail uses port 587 by pure coincidence. Next time it will be another
port.
Roman.
--
Roman Drahtmüller
Hi Roman,
did I get something wrong? The sendmail in the example is listening on this port.
Marek
Sorry. _I_ did get it wrong. I wasn't aware that the output indicates
listening sockets.
Thanks,
Roman.
--
Roman Drahtmüller
On Tue, Nov 21, 2000 at 04:14:38PM +0100, Roman Drahtmueller wrote:
Hi Roman,
did I get something wrong? The sendmail in the example is listening on this port.
Marek
Sorry. _I_ did get it wrong. I wasn't aware that the output indicates listening sockets.
Sendmail (as of 8.11?) listens on port 587 (submission) in addition to port 25. This port is described in RFC2476 and is intended for email submission by MUAs. The protocol is similar (the same?) as on port 25. The intention is that on port 25 normal email is received, while on port 587 email is submitted for transportation, requiring e.g. authentication that is not always practical on port 25.
There is no difference in the security implications between port 25 and 587.
Best regards,
Lutz
--
Lutz Jaenicke                             Lutz.Jaenicke@aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
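To check which listeners a sendmail.cf declares and whether the submission port requires authentication, here is an added example (not part of the thread and not sendmail's own code) that parses the DaemonPortOptions lines. The sample lines are constructed and the function name list_listeners is hypothetical.

```shell
#!/bin/sh
# Added example: list the listeners a sendmail.cf declares and whether each
# one requires SMTP AUTH (modifier "a" in M=...).

# Constructed samples: the two listeners described in the thread (MTA on
# port 25, MSA on port 587), and a variant whose MSA requires AUTH.
SAMPLE_CF='O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E'
SAMPLE_CF_AUTH='O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=Ea'

# Reads sendmail.cf text on stdin, prints "name port auth-state" per listener.
list_listeners() {
    awk '
    /^O[ \t]+DaemonPortOptions=/ {
        sub(/^O[ \t]+DaemonPortOptions=/, "")
        port = "25"; name = "(unnamed)"; mods = ""   # port defaults to smtp
        n = split($0, kv, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", kv[i])       # trim each key=value pair
            eq = index(kv[i], "=")
            if (eq == 0) continue
            key = toupper(substr(kv[i], 1, 1))       # match keys by first letter
            val = substr(kv[i], eq + 1)
            if (key == "P") port = val
            else if (key == "N") name = val
            else if (key == "M") mods = val
        }
        if (port == "smtp") port = "25"
        if (port == "submission") port = "587"
        print name, port, ((mods ~ /a/) ? "auth-required" : "auth-not-required")
    }'
}

printf '%s\n' "$SAMPLE_CF" | list_listeners
# To change this in sendmail.mc: FEATURE(`no_default_msa') drops the default
# port-587 listener; DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea') re-adds it
# with authentication required.
```

On a live system, feed it the real file: list_listeners < /etc/sendmail.cf (path as on the host in question).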
Hello!
Is it possible to have SuSE-firewall log its data in a separate file, rather than in /var/log/messages? And if so, how? I did read the FM and the config-files :o)
Cheers! Yuri.
--------------------------------------------------------------------------
drs. Yuri Robbers                    phone : +31-71-527-4966
Leiden University                    fax   : +31-71-527-4900
Institute for Theoretical Biology    email : robbers@rulsfb.leidenuniv.nl
Kaiserstraat 63
2311 GP Leiden                       PGP 5.0 public key available:
the Netherlands                      Check your favourite hkp server.
--------------------------------------------------------------------------
Hi
Try editing /etc/syslog.conf
If u insert a line
--
kern.*          /var/log/firewall
--
everything related to kernel msgs .. (including your firewall output) will be written into that file..
Maybe u also want to remove kernel msgs from /var/log/messages then ..
Editing the line that says -/var/log/messages at the end will help you
Maybe u also want to read syslog's manpage..
Cheers..
--
Kind regards
Alexander Bien
--
PIRONET NDH
Alexander Bien - Technical Assistant - SBU Services
Josef-Lammerting-Allee 14-18, 50933 Cologne - Germany
Tel.: +49 (0)172 7760569 - Fax: +49 (0)221 770 2815
mailto:abien@pironet.com - http://www.pironet.com
-----Original Message-----
From: Yuri Robbers [mailto:yuri@rulbii.leidenuniv.nl]
Sent: Tuesday, November 21, 2000 4:41 PM
To: suse-security@suse.com
Subject: [suse-security] SuSE-Firewall logging
Hello!
Is it possible to have SuSE-firewall log its data in a separate file, rather than in /var/log/messages? And if so, how? I did read the FM and the config-files :o)
Cheers! Yuri.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
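The change Alexander describes, written out as an added example (not part of the thread): kern.none on the rule that feeds /var/log/messages is what keeps kernel messages out of that file once they have their own rule. The sample syslog.conf is constructed, not SuSE's shipped file, and the function name route_kern_to is hypothetical.

```shell
#!/bin/sh
# Added example: send kernel (and therefore firewall) messages to their own
# file and exclude them from /var/log/messages.

# Constructed sample, not SuSE's shipped /etc/syslog.conf.
SAMPLE_CONF='# constructed sample
mail.*                    -/var/log/mail
*.*;mail.none;news.none   -/var/log/messages'

# $1 = file that should receive kernel messages; syslog.conf is read on stdin
# and the adjusted configuration is written to stdout. Running it on its own
# output changes nothing.
route_kern_to() {
    awk -v dest="$1" -v OFS='\t' '
    /^[ \t]*#/ || NF < 2 { print; next }          # comments, blanks: unchanged
    $1 == "kern.*" && $2 == dest { have = 1 }     # rule is already present
    $2 ~ /^-?\/var\/log\/messages$/ && $1 !~ /kern\.none/ {
        $1 = $1 ";kern.none"                      # keep kern out of messages
    }
    { print }
    END { if (!have) print "kern.*", dest }       # add the dedicated rule
    '
}

printf '%s\n' "$SAMPLE_CONF" | route_kern_to /var/log/firewall
```

Write the result to a scratch file and compare it with the live configuration before installing it; syslogd re-reads its configuration when sent SIGHUP.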
Yes Yuri this is true. It will log all kern messages. You can get what you want out of it with grep. Just read /var/log/firewall to figure out your search criteria. I'm not sure, but you may be able to redirect the log in syslog.conf through grep and force two different files to be written as well. I don't know if you can run programs from syslog.conf or not.

-----Original Message-----
From: Alexander Bien [mailto:abien@gmx.net]
Sent: Tuesday, November 21, 2000 8:08 AM
To: suse-security@suse.com
Subject: RE: [suse-security] SuSE-Firewall logging

Hi
Try editing /etc/syslog.conf
If u insert a line
--
kern.*          /var/log/firewall
--
everything related to kernel msgs .. (including your firewall output) will be written into that file..
Maybe u also want to remove kernel msgs from /var/log/messages then ..
Editing the line that says -/var/log/messages at the end will help you
Maybe u also want to read syslog's manpage..
Cheers..
--
Kind regards
Alexander Bien
--
PIRONET NDH
Alexander Bien - Technical Assistant - SBU Services
Josef-Lammerting-Allee 14-18, 50933 Cologne - Germany
Tel.: +49 (0)172 7760569 - Fax: +49 (0)221 770 2815
mailto:abien@pironet.com - http://www.pironet.com
-----Original Message-----
From: Yuri Robbers [mailto:yuri@rulbii.leidenuniv.nl]
Sent: Tuesday, November 21, 2000 4:41 PM
To: suse-security@suse.com
Subject: [suse-security] SuSE-Firewall logging
Hello!
Is it possible to have SuSE-firewall log its data in a separate file, rather than in /var/log/messages? And if so, how? I did read the FM and the config-files :o)
Cheers! Yuri.
participants (6)
- Alexander Bien
- Lutz Jaenicke
- Roman Drahtmueller
- Stiefenhofer, Marek ECOFIS
- Wade Chandler
- Yuri Robbers