[ILUG] which ports for sendmail
John P . Looney
valen at tuatha.org
Tue Sep 5 15:35:55 IST 2000
On Tue, Sep 05, 2000 at 03:33:33PM +0100, Dave Wilson mentioned:
> > > I am setting up a firewall for our mail server, and intend to block all ports,
> > > save those required for sendmail to work , which ones should i allow in.
> > smtp at tcp port 25.
> Also either allow ident tcp port 113, or explicitly refuse connections to it.
> Many servers will make an ident connection to you when you make an SMTP
> connection to them, and won't allow the SMTP conversation to proceed until
> they have got some sort of positive or negative response. If you drop these
> packets silently, outgoing SMTP will have to wait until the remote end's ident
> connection times out.
And let the DNS on the mail server go out!
The words of the unwary are apt to cause needless pain and bloody violence.
- Zen Master Greg
More information about the ILUG