On Thu, 21 Jan 2010 13:11:58 +0000, Adam Hardy wrote:

> Camaleón on 21/01/10 12:29, wrote:
>> Didn't you say this?
>>
>> ***
>> It should listen like this (or all hell breaks loose on their server
>> farm):
>>
>> tcp 0 0 10.20.30.40:25 0.0.0.0:* LISTEN
>> ***
>>
>> So if that remains true, you do need to open port 25 "locally" and bind
>> Postfix to listen in that IP.
>>
>> But opening a port "locally" does not mean your SMTP server can be used
>> from remote, in fact it cannot unless:
>>
>> a) The router (frame relay, xdsl line...) of your ISP/hosting provider
>> is actually forwarding the requests to port 25 to your machine (by
>> using NAT or iptables).
>
> Yes I did say I wanted postfix to listen on 10.20.30.40:25 but that was
> while I was still trying to work out the basic configuration. Now that I
> am happy that I know why postfix is doing something and that it works, I
> would like to know whether I can completely close port 25.

Mmm... okay, let's paint the big picture (please, correct me if I'm
wrong) :-)

- You need to be notified by e-mail (remote account) about crontab tasks.

- You do not need a remote e-mail server nor a local e-mail server.
Only the host running crontab will be allowed to send e-mails from the
MTA (postfix, exim, whatever...)

So you set up the crontab variable "mailto=u...@mydomain.com" or
"MAILTO=localuser".

In every case (being a local or remote user), the mail should follow the
configured path, that is, it will arrive at the MTA you have installed in
the host (say Postfix, Exim or any other facility).

Once the e-mail arrives at the MTA, it will be delivered to the e-mail
address you have defined, and you don't need to do anything.

> One person reckons port 25 has to be open for smtp to send - is that so?
> I don't think so, I thought smtp would open some high numbered port
> temporarily.

In fact, in my *desktop* computer, I've got that port open:

***
s...@stt008:~$ netstat -an | grep 25
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
***

And I am not running here any mail server: it's just the default desktop
installation, running Exim.

So, yes, the MTA is listening in that port and I cannot find any
objection (security issue) to that. No one can send an e-mail from my
Exim unless it's inside my own computer :-)

> Or does smtp pick up the emails to be sent via port 25?

I think so.

> It just bugs me from a security point of view that the whole world can
> see port 25 open when they look at that machine and some might take it
> into their heads to aim their spam cannons at it.

That is quite hard to happen. Only if your own host gets cracked by
someone in the first place, but in no way can your computer be reached by
"telnetting" remotely through port 25.

Greetings,

--
Camaleón
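
As an added example (not part of the original thread), the sketch below parses `netstat -an` output and reports, for each socket listening on exactly port 25, whether it is bound to loopback, to one address, or to every interface. The sample lines are constructed; the two IPv4 port-25 addresses are the ones quoted in the messages above, and the function name is hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -an` output. The first two rows reuse the
# addresses quoted in the thread; the remaining rows are made up to show
# what a plain `grep 25` would also match.
SAMPLE = """\
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 10.20.30.40:25          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.25:22         0.0.0.0:*               LISTEN
tcp        0      0 10.20.30.40:43125       203.0.113.7:25          ESTABLISHED
tcp6       0      0 :::25                   :::*                    LISTEN
"""


def smtp_listeners(netstat_text, port=25):
    """Return [(address, scope)] for TCP sockets LISTENing on exactly `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only listening TCP sockets matter for inbound exposure; the
        # ESTABLISHED row above is an outbound delivery from a high local port.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue  # 2525, or an address that merely contains "25"
        if host in ("0.0.0.0", "::"):
            scope = "all-interfaces"
        elif ipaddress.ip_address(host).is_loopback:
            scope = "loopback-only"
        else:
            scope = "single-address"
        found.append((host, scope))
    return found


if __name__ == "__main__":
    for address, scope in smtp_listeners(SAMPLE):
        print(f"{address:<15} {scope}")
```

A `loopback-only` result corresponds to the desktop Exim case shown in the message; anything else is only reachable from outside if routing and filtering also allow it.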