Mailinglist Archive: opensuse-security (555 mails)

< Previous Next >
closing ports (canna, squid and sendmail)
  • From: Joss Winn <joss@xxxxxxxxxxxx>
  • Date: Tue, 22 May 2001 08:39:35 +0900
  • Message-id: <3B09A730.C1E4D173@xxxxxxxxxxxx>

I am reviewing the security on my home desktop and have a question which
I hope is simple to answer. I should say that I am on a 56k dial up PPP
connection and offer no services to anyone. I am the only user and
root. Simple. In fact, I think my security measures are probably
over-the-top, but still it sems like good practice and makes interesting learning.

I have hardened the system using Marc's hardening script and have set up
Firewall2. Now, when I scan my ports with nmap, I have 'canna', 'smtp'
and 'squid' showing open. Canna is my Japanese language server and I
have squid running to cache pages for web browsing. I also opened up
the smtp/sendmail service so I can use fetchmail to fetch my mail.

My questions are:

1. Can I close the canna port and still use canna? I see no reason why
it should be sitting open to external connections when I am the only
person that needs to use it. How do I close it?

2. Is it necessary for squid to be sitting open, when I do not serve any
web pages. Can I close the port and still have squid cache pages for my browsing?

3. I fetch mail with fetchmail which requires sendmail to send the mail
to my account. Must I have sendmail running as a daemon or can I invoke
sendmail when fetchmail needs it. If I shut down sendmail/smtp, I can
sendmail, with sendmail -q but fetchmail fails. Basically, how do I
close the smtp port but still use fetchmail?

I'd be grateful for any help. And if I appear to be barking up the
wrong tree, then please do let me know! :-)


< Previous Next >
Follow Ups