Again,
thanks guys,
I left Port 993 imap-ssl and 995 pop3-ssl, just in case users have a need in
the future.
Thanks
madmac
----- Original Message -----
From: "Eric Shubert" <[email protected]>
To: <[email protected]>
Sent: Tuesday, May 31, 2011 5:37 PM
Subject: [qmailtoaster] Re: firewall rules
On 05/31/2011 04:58 PM, Cecil Yother, Jr. wrote:
> On 05/31/2011 03:29 PM, Eric Shubert wrote:
>> On 05/31/2011 08:34 AM, Cecil Yother, Jr. wrote:
>>> IIRC you can close 20 and 21 (FTP), 23 (Telnet), 43 (whois), 123 (NTP).
>>> This is of course unless you use any of these services.
>>
>> To be a little clearer, you can close these ports so long as you don't
>> *serve* these services. For example, you can close port 123 (NTP) and
>> still use ntpd as an ntp client to keep time on the server. You'd only
>> need to open the port if you're providing ntp services to other
>> clients (as a server). This is provided you have a rule that allows
>> established sessions to pass the firewall, which you should.
>>
>>> FTP can be moved
>>> to a non standard port and will decrease attacks by 99%.
>>
>> If you need to provide ftp services, use of non-standard ports is
>> highly recommended. You shouldn't need to run an ftp server on QMT,
>> unless you're hosting a web site as well and need to allow a way for
>> developers to update the web site.
>>
>>> 953, 993, and
>>> 995 are for secure mail transport.
>>
>> Not quite right. 953 appears to be for bind 9, which you shouldn't
>> need. Running an authoritative domain name server on QMT is not
>> recommended.
>> Port 993 is for imap-ssl and 995 is for pop3-ssl, both of which you
>> probably want to have open. They're not necessarily required though,
>> depending on if your users might need them or not.
>
> I guess I did OK from memory...

Yes you did. My memory's not that good any more (as if it ever was), so I
need to look things up, repeatedly. ;)
--
-Eric 'shubes'
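
The established-sessions point from the thread, as an added sketch that is not part of the original messages: a generator for an `iptables-restore` ruleset that drops inbound traffic by default, accepts replies to sessions the host itself started, and opens only the ports the host serves. The function name `gen_rules`, the `SERVED_TCP` variable and ports 22 and 25 are assumptions; 993 and 995 are the ports kept open in the thread.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset: default-drop inbound, open only served ports.
# 993 and 995 are from the thread; 22 (ssh) and 25 (smtp) are assumed here.
SERVED_TCP="${SERVED_TCP:-22 25 993 995}"

gen_rules() {
    # $1: space-separated TCP ports this host serves to other machines
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to sessions this host started (ntpd as a client, DNS lookups,
    # outbound SMTP) match here, so 123/udp needs no inbound rule of its own.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $1; do
        # Reject anything that is not a plain port number in 1..65535.
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Print only; review the output, then load it with iptables-restore as root.
gen_rules "$SERVED_TCP"
```

Ports 20, 21, 23, 43, 123 and 953 get no rule, so inbound connections to them fall through to the DROP policy while the host can still act as a client of those services.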
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail:
[email protected]