> I'm wondering which is the best way to start exim4. I'm fetching my mail
> from my ISP with fetchmail manually with a script because I only want to
> do it when I am connected to internet.
>
> As I see it there are 3 alternatives, but if anybody can come up with a
> 4th please tell me.
>
> 1) Starting exim as a daemon in /etc/rc$.d and protecting it with
> iptables and binding it to localhost in exim.conf.
>
> 2) Starting with inetd and using tcpd for protection and using
> /etc/hosts.allow and .deny to bind it to localhost. (Possibly using
> iptables here to get defence in depth?)
>
> 3) Installing xinetd and using its wrappers and the bind command to
> bind it to localhost. (Also using iptables to get defence in depth)
>
> As I only fetch mail with fetchmail I only get sporadic use of exim4 so
> there is not really any point in having it listening all the time and
> this speaks for (x)inetd. It might be easier to DOS the (x)inetd setup,
> which speaks for 1) (I don't know if this is really true...).

I'm paranoid about server daemons, and I only need exim4 for local mail
delivery.  So I use a combination of all of the above:

- use iptables to block external access.
- use xinetd to invoke exim4, and block external access again in
/etc/hosts.{allow,deny}.  (exim4 also runs every 15 minutes on a cron
job, though.)
- bind to localhost in the config file.

No problems so far (that I know of).  I don't know anything about a
potential DOS.


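A way to verify the "bind to localhost" layer from the reply above, as an added example that is not part of the original message: it reads `ss -ltn` output and reports any listener on the SMTP port that is not on a loopback address. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that nothing listens on the SMTP port outside loopback.
# Live use:  ss -ltn | smtp_is_local_only 25

# Print the local address of every LISTEN socket on the given port
# (default 25) that is not bound to 127.0.0.0/8 or ::1.
exposed_smtp_listeners() {
    awk -v port="${1:-25}" '
        $1 == "LISTEN" {
            la = $4                          # "Local Address:Port" column
            n = match(la, /:[0-9]+$/)        # position of the last colon
            if (n == 0) next
            p = substr(la, n + 1)
            addr = substr(la, 1, n - 1)
            if (p != port) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr                       # wildcard or external address
        }'
}

# Exit status 0 when every listener on the port is loopback-only.
smtp_is_local_only() {
    exposed=$(exposed_smtp_listeners "${1:-25}")
    [ -z "$exposed" ]
}

# Constructed sample: one loopback listener plus a wildcard listener on 25,
# as seen when the daemon (or xinetd) is not bound to localhost.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    [::1]:25           [::]:*
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*'

if printf '%s\n' "$SAMPLE_SS_OUTPUT" | smtp_is_local_only 25; then
    echo "port 25: loopback only"
else
    echo "port 25: reachable on a non-loopback address"
fi
```

With xinetd in front of exim4 the listening socket belongs to xinetd, so the same check covers the xinetd `bind` setting as well.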