> I'm wondering which is the best way to start exim4. I'm fetching my mail
> from my ISP with fetchmail manually with a script because I only want to
> do it when I am connected to internet.
>
> As I see it there are 3 alternatives, but if anybody can come up with a
> 4th please tell me.
>
> 1) Starting exim as a daemon in /etc/rc$.d and protecting it with
> iptables and binding it to localhost in exim.conf.
>
> 2) Starting with inetd and using tcpd for protection and using
> /etc/hosts.allow and .deny to bind it to localhost. (Possibly using
> iptables here too to get defence in depth?)
>
> 3) Installing xinetd and using its wrappers and the bind command to
> bind it to localhost. (Also using iptables to get defence in depth)
>
> As I only fetch mail with fetchmail I only get sporadic use of exim4 so
> there is not really any point in having it listening all the time and
> this speaks for (x)inetd. It might be easier to DOS the (x)inetd setup,
> which speaks for 1) (I don't know if this is really true...).

I'm paranoid about server daemons, and I only need exim4 for local mail delivery. So I use a combination of all of the above:

- use iptables to block external access.
- use xinetd to invoke exim4, and block external access again in /etc/hosts.{allow,deny}. (exim4 also runs every 15 minutes on a cron job, though.)
- bind to localhost in the config file.

No problems so far (that I know of). I don't know anything about a potential DOS.
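
Added example, not part of either post: a check of the bind-to-localhost layer that every option in this thread relies on, whether the listening socket belongs to the exim4 daemon or to (x)inetd. It reads `ss -ltn` output and reports any listener on port 25 that is not on a loopback address; it does not test the iptables or hosts.allow layers. The function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Read `ss -ltn` output on stdin; print the local addresses that listen on
# the given port (default 25) and are NOT loopback.
nonlocal_smtp_listeners() {
    awk -v port="${1:-25}" '
        $1 == "LISTEN" {
            la = $4                                   # Local Address:Port column
            if (!match(la, /:[0-9]+$/)) next          # last colon splits address and port
            addr = substr(la, 1, RSTART - 1)
            if (substr(la, RSTART + 1) != port) next  # some other service
            sub(/%.*$/, "", addr)                     # drop interface scope, e.g. %lo
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr                                # wildcard or external address
        }'
}

# Return 0 when every listener on the port is loopback-only, 1 otherwise.
check_smtp_local_only() {
    bad=$(nonlocal_smtp_listeners "${1:-25}")
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/SMTP listener not on loopback: /' >&2
        return 1
    fi
    return 0
}

# Constructed sample: SMTP bound to loopback only (sshd on all interfaces is ignored).
SAMPLE_GOOD='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 20 127.0.0.1:25 0.0.0.0:*
LISTEN 0 20 [::1]:25 [::]:*'

# Constructed sample: SMTP also bound to the IPv4 and IPv6 wildcard addresses.
SAMPLE_BAD='LISTEN 0 20 127.0.0.1:25 0.0.0.0:*
LISTEN 0 20 0.0.0.0:25 0.0.0.0:*
LISTEN 0 20 [::]:25 [::]:*'

printf '%s\n' "$SAMPLE_GOOD" | check_smtp_local_only && echo "good sample: loopback only"
printf '%s\n' "$SAMPLE_BAD" | check_smtp_local_only || echo "bad sample: exposed"
```

On a live system the same check is `ss -H -ltn | check_smtp_local_only`, run after each change to the exim4 or xinetd configuration.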