-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 11 Feb 2004 02:40:07 +0100, Nick Boyce <[EMAIL PROTECTED]> wrote:
> Sorry if this is a dumb question ...
>
> I've just set up a "secure" (you know .. more than usual) Debian system,
> and want to arrange things so that it can send mail out when necessary
> (in case anything happens that it thinks I should know about) but is
> *not* constantly listening for incoming mail.
>
> Is there a best way of doing this ?
>
> The default Exim MTA is installed, and I've commented out the SMTP line
> from inetd.conf, but there is a /etc/init.d/exim startup script that
> comes with the Exim package, that has this :
>
>   # Exit if exim runs from /etc/inetd.conf
>   if [ -f /etc/inetd.conf ] && grep -q "^ *smtp" /etc/inetd.conf; then
>     exit 0
>   fi
>   [...]
>   case "$1" in
>     start)
>       echo -n "Starting MTA: "
>       start-stop-daemon --start --pidfile /var/run/exim/exim.pid \
>                         --exec $DAEMON -- -bd -q30m
>
> So one way or the other, Exim gets to listen.
>
> In exim.conf, there is
>   # This will cause it to accept mail only from the local interface
>   #local_interfaces = 127.0.0.1
> so I could set that option. Would that stop Exim from binding to the
> ethernet interface ?
>
> Should I just remove the S20exim symlink from rc?.d ?
> That seems a bit of a kludge. If this was NetBSD, I'd set something
> like "exim=no" in somewhere like rc.conf ... is there a Debian
> equivalent to that ?
>
> TIA for any advice.
> Nick Boyce
> Bristol, UK
>
Just firewall off port 25 from the network. Leave it visible internally
on the loopback, so you can still use it for a local MTA.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAKZC5d90bcYOAWPYRAtGyAJ9i9GnQhUa9RxtPuerpGbktsZzLtQCgmOGW
KVwsJnoPAF7pfFBNWbUPG8M=
=w2SY
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
"We have to go forth and crush every world view that doesn't believe in
tolerance and free speech," - David Brin
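
Added example (not part of the original message): a shell check that reads `netstat -ltn` or `ss -ltn` output and reports whether the port 25 listener is bound to loopback only. A wildcard bind reported as `exposed` means the packet filter is the only thing keeping SMTP off the network. The function name `smtp_exposure` and both sample tables are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread. Sample tables are constructed.

# Exim started with -bd and no local_interfaces setting (wildcard bind).
SAMPLE_WILDCARD='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN'

# Exim with local_interfaces = 127.0.0.1 (ss -ltn layout, plus an IPv6 loopback).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      20     127.0.0.1:25       0.0.0.0:*
LISTEN 0      20     [::1]:25           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# smtp_exposure: read a listener table on stdin, print "<address> loopback|exposed"
# for every TCP listener on port 25, return 1 if any is bound beyond loopback.
smtp_exposure() {
    awk '
    {
        listening = 0
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") listening = 1
        if (!listening || !match($4, /:[0-9]+$/)) next   # field 4 = local addr:port
        port = substr($4, RSTART + 1)
        host = substr($4, 1, RSTART - 1)
        if (port != "25") next
        gsub(/^\[|\]$/, "", host)                        # [::1] -> ::1
        if (host ~ /^127\./ || host == "::1") {
            print host, "loopback"
        } else {
            print host, "exposed"
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Demo on the constructed samples; on a live host use: netstat -ltn | smtp_exposure
printf '%s\n' "$SAMPLE_WILDCARD" | smtp_exposure || echo "port 25 is bound beyond loopback"
printf '%s\n' "$SAMPLE_LOOPBACK" | smtp_exposure && echo "port 25 is loopback-only"
```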

