Securing Postfix
Postfix is a replacement for Sendmail that has several security advantages over it. Postfix consists of several small programs, each performing its own small task, and almost all of them run in a chroot jail. These are just a few examples of why Postfix is recommended over Sendmail. For more information on chroot jails, see Using Chroot Securely.
Linux servers that are not dedicated mail or relay servers should not accept external emails. However, it is important for production servers to send local emails to a relay server.
Before you continue on a Red Hat system, make sure Postfix is activated using the following command:
# alternatives --set mta /usr/sbin/sendmail.postfix
The following parameters in /etc/postfix/main.cf should be set to ensure that Postfix accepts only local emails for delivery:
mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = localhost
The parameter mydestination lists all domains for which this host receives email.
The parameter inet_interfaces specifies the network interface addresses to listen on.
Once you've configured Postfix, restart the mail system with the following command:
# /etc/init.d/postfix restart
To verify whether Postfix is still listening for incoming network requests, you can run one of the following commands from another node:
# nmap -sT -p 25 <remote_node>
# telnet <remote_node> 25
Don't run these commands on the local host since Postfix is supposed to accept connections from the local node.
Securing Sendmail
This article focuses on security issues that pertain to most Linux servers in a production environment. Therefore, securing a mail or relay server is out of scope for this article since not all Linux servers in a production environment are mail or relay servers. However, Sendmail or Postfix is usually required for local mail delivery. Note that it is recommended to use Postfix over Sendmail for various security reasons.
On newer Linux systems Sendmail is configured to run in the background for local mail delivery and not to accept incoming network connections. If your server is not a mail or relay server, then it is important that Sendmail is not accepting incoming network connections from any host other than the local server.
The default sendmail.cf configuration file on Red Hat does not allow Sendmail to accept incoming network connections. The following setting in /etc/mail/sendmail.cf tells Sendmail not to accept incoming network connections from servers other than the local node:
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
If that's not the case on your system, you can change it by setting or uncommenting the DAEMON_OPTIONS line in the /etc/mail/sendmail.mc file so that it reads:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Then run:
# mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.old
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart
To verify whether Sendmail is still listening for incoming network requests, you can run one of the following commands from another node (make sure that you have permission to probe the machine):
# nmap -sT -p 25 <remote_node>
# telnet <remote_node> 25
Don't run these commands on the local host since Sendmail is supposed to accept connections from the local node.
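A local complement to the remote nmap/telnet checks in the Postfix and Sendmail sections above, as an added example that is not part of the original article: it reads the effective inet_interfaces value from main.cf text and lists any port 25 listener bound to a non-loopback address. The function names are hypothetical, the sample inputs are constructed, and it assumes ss -ltn or netstat -ltn style output.

```sh
#!/bin/sh
# Added example, not from the original article. Sample inputs are constructed.

# Print the effective value of main.cf parameter $1 (main.cf text on stdin).
# The last definition wins, lines starting with whitespace continue the
# previous line, and lines whose first non-blank character is '#' are comments.
main_cf_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == key) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        { eq = index($0, "="); if (eq == 0) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          if (cur == key) { val = substr($0, eq + 1); sub(/^[ \t]+/, "", val) } }
        END { sub(/[ \t]+$/, "", val); print val }'
}

# Succeed only if inet_interfaces names loopback addresses exclusively.
loopback_only_config() (
    set -f                      # keep values such as [::1] from globbing
    v=$(main_cf_value inet_interfaces)
    [ -n "$v" ] || exit 1       # unset means the Postfix default, "all"
    for a in $(printf '%s' "$v" | tr ',' ' '); do
        case "$a" in
            localhost|loopback-only|127.*|::1|'[::1]') ;;
            *) exit 1 ;;
        esac
    done
)

# Print non-loopback addresses listening on TCP port 25, given `ss -ltn`
# or `netstat -ltn` output on stdin (field 4 is the local address in both).
exposed_smtp_listeners() {
    awk '($1 == "LISTEN" || $NF == "LISTEN") && $4 ~ /:25$/ {
        addr = $4; sub(/:25$/, "", addr)
        if (addr !~ /^127\./ && addr != "[::1]" && addr != "::1") print addr
    }'
}

GOOD_CF='mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = localhost'
BAD_CF='inet_interfaces = localhost,
    192.0.2.10'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
LISTEN 0      100          0.0.0.0:25        0.0.0.0:*
LISTEN 0      100            [::1]:25           [::]:*'

printf '%s\n' "$BAD_CF" | loopback_only_config || echo "BAD_CF: smtpd reachable beyond loopback"
printf '%s\n' "$SAMPLE_SS" | exposed_smtp_listeners | sed 's/^/exposed: /'
```

On a live host the same functions can read /etc/postfix/main.cf and the output of ss -ltn directly; the listener check applies to Sendmail as well, since it only looks at the address bound to port 25.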
Note that this document comes without warranty of any kind, but every effort has been made to provide information that is as accurate as possible. I welcome emails from any readers with comments, suggestions, and corrections at webmaster_at admin@linuxhowto.in
Copyright © 2012 LINUXHOWTO.IN