From: JOHN HAMBLETON (jhamblet@NMU.EDU)
Date: Thu Dec 11 2003 - 10:07:24 EST
I used IPSec to accomplish this task. With IPsec you
can block specific: IP addresses, protocols, ports, and
either incoming or outgoing. It's a lot like Linux's IPTables.
I have my port 25 blocked on ingress to all IP's except
localhost. IPsec is found on the AIX installation media set,
and you administer it through Smit.
John H
jhamblet@nmu.edu
Robert Miller wrote:
>Not sure if it's possible with vanilla sendmail, it may be... but I
>wonder if you could do such a thing with TCPWrappers? If you could
>start sendmail using TCPWrappers, that would allow you to use the
>hosts.allow and hosts.deny files to say which boxes could talk to your
>smtp port...
>
>Not sure if it's possible... anyone know if this even sounds feasible?
>
>--rm
>
>-----Original Message-----
>From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
>Miller, Dave (I.S.)
>Sent: Wednesday, December 10, 2003 10:31 AM
>To: aix-l@Princeton.EDU
>Subject: Re: Telnet port 25
>
>
>Thanks for the replies.
>Maybe I should ask/approach this way...can I limit telnet to respond
>only to certain IP addresses, or sendmail relays for that matter?
>thanks
>
>-----Original Message-----
>From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
>Sent: Wednesday, December 10, 2003 12:22 PM
>To: aix-l@Princeton.EDU
>Subject: Re: Telnet port 25
>
>
>smtp runs on port 25. You do not need sendmail running to send mail out
>of
>a box. Once you stop sendmail, telnet to port 25 will be closed.
>
>BV
>--------------------------------------------------------
>
>"If everything is coming your way, then you are in the wrong lane"
>
>Bill Verzal
>AIX Administrator, Komatsu America
>(847) 970-3726 - direct
>(847) 970-4184 - fax
>
>
>
> "Miller, Dave
> (I.S.)"
> <Dave.Miller@BHS.
>To
> ORG> aix-l@Princeton.EDU
> Sent by: IBM AIX
>cc
> Discussion List
> <aix-l@Princeton.
>Subject
> EDU> Telnet port 25
>
>
> 12/10/2003 11:10
> AM
>
>
> Please respond to
> IBM AIX
> Discussion List
> <aix-l@Princeton.
> EDU>
>
>
>
>
>
>
>Can someone point me in the write direction as to how I would easily
>disallow telnet to port 25, but still allow telnet to port 23?
>
>
>I.e. I don't want to be able to telnet to port 25 and send mail, but I
>still want to run sendmail, and allow telnet... or am I looking at this
>wrong? Thanks.
>
>
>
>
>
>
>
>
>CONFIDENTIALITY NOTICE: This email communication and any attachments may
>contain confidential and privileged information for the use of the
>designated recipients named above. If you are not the intended
>recipient,
>you are hereby notified that you have received this communication in
>error
>and that any review, disclosure, dissemination, distribution or copying
>of
>it or its contents is prohibited. If you have received this
>communication
>in error, please reply to the sender immediately or by telephone at
>(413)
>794-0000 and destroy all copies of this communication and any
>attachments.
>For further information regarding Baystate Health System's privacy
>policy,
>please visit our Internet web site at http://www.baystatehealth.com.
>
>
>-----------------------------------------
>
>CONFIDENTIALITY NOTICE: This email communication and any attachments may
>contain confidential and privileged information for the use of the
>designated recipients named above. If you are not the intended
>recipient, you are hereby notified that you have received this
>communication in error and that any review, disclosure, dissemination,
>distribution or copying of it or its contents is prohibited. If you have
>received this communication in error, please reply to the sender
>immediately or by telephone at (413) 794-0000 and destroy all copies of
>this communication and any attachments. For further information
>regarding Baystate Health System's privacy policy, please visit our
>Internet web site at http://www.baystatehealth.com.
>
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:24 EDT