Hello John,

> Firstly, we installed PortSentry as a PKG file, but did an uninstall of
> the PKG as numerous users were reporting that they could no longer
> access the mail server for their domains. The uninstall was not clean,
> as we had to manually delete two PortSentry directories that remained
> after running the PKG uninstall. Upon a system reboot the PortSentry
> processes were gone so we assumed all was well.
>
> We are now getting constant calls telling us that users who are using
> fixed IP addresses to access the Cobalt box are still not able to
> access their email, despite the fact that the PortSentry processes do
> not seem to be running. It appears to be the SMTP service that is
> affected, POP seems ok.

Depending on how you configured PortSentry their IP addresses are
probably listed in a few possible places:

1. Check your /etc/hosts.deny file

2. Run the following command from the root account to see if their IP
   addresses are listed:

       route -n

   Any entries with the "flags" set to !H are blocked

3. If you're using IPChains then they may have been blocked by that

To get them going again:

1. Remove them from the /etc/hosts.deny file

2. To restore the route information depends on the command that denied
   them access but is usually achieved with:

       route del -host xxx.xxx.xxx.xxx reject

3. I'm not familiar with IPChains enough for that one ;-)

> Secondly, we have stopped the ftp service on the Cobalt box, and are
> asking clients to use SecureFX from VanDyke Software to transfer files
> using sftp. This is working fine, except that each domain user can
> traverse the full Cobalt filesystem, and see all other users' web sites
> and associated files.
>
> Is it possible to lock down secure ftp access using SecureFX so that
> users can only access and view their own domain?

I doubt it, at least not easily. Users can do this anyway with a simple
Perl or PHP script (this has been discussed at some length several times
on the list). Looking at the OpenSSH configuration options it's not
clear that there is a simple way:

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current

-- 
Regards,
Jonathan Michaelson
Commercial CGI Scripting, Web Hosting
Web-based Email, Homepage Creation and Live Help products
http://www.webumake.com
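
The hosts.deny and route checks described in the reply above, as an added example that is not part of the original message. It assumes IPv4 addresses, hosts.deny lines of the form "daemon: client", and net-tools style "route -n" output; the function names and sample data are constructed for illustration, and the cleanup commands are only printed for review, not run.

```shell
#!/bin/sh
# Constructed sample data standing in for /etc/hosts.deny and `route -n`.
SAMPLE_DENY='# constructed sample /etc/hosts.deny
ALL: 203.0.113.7
ALL: 198.51.100.23'

SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.7     -               255.255.255.255 !H    0      -        0 -
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0'

# stdin: hosts.deny text. Prints each IPv4 client address, skipping comments.
denied_hosts() {
    awk -F: '!/^[ \t]*#/ && NF >= 2 {
        n = split($2, c, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (c[i] ~ /^([0-9]+\.)+[0-9]+$/) print c[i]
    }' | sort -u
}

# stdin: `route -n` output. Prints destinations whose Flags column
# (field 4) contains both "!" (reject) and "H" (host route).
rejected_routes() {
    awk '$4 ~ /!/ && $4 ~ /H/ { print $1 }'
}

# where_blocked IP HOSTS_DENY_TEXT ROUTE_TEXT
# Prints "hosts.deny", "route", "hosts.deny,route" or "none".
where_blocked() {
    ip=$1 found=""
    printf '%s\n' "$2" | denied_hosts | grep -qxF "$ip" && found="hosts.deny"
    printf '%s\n' "$3" | rejected_routes | grep -qxF "$ip" &&
        found="${found:+$found,}route"
    echo "${found:-none}"
}

# stdin: `route -n` output. Prints one removal command per reject route,
# in the form given in the message, for an administrator to review.
cleanup_commands() {
    rejected_routes | while read -r ip; do
        echo "route del -host $ip reject"
    done
}

# Demo on the constructed data.
where_blocked 203.0.113.7 "$SAMPLE_DENY" "$SAMPLE_ROUTES"
printf '%s\n' "$SAMPLE_ROUTES" | cleanup_commands
```

On a live system, as root, the same check would be: where_blocked 203.0.113.7 "$(cat /etc/hosts.deny)" "$(route -n)"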
