OK,
there are obviously two sides to this argument
but I will give the best one for making the
machine more secure by default:
I used to only run 1 Linux server (email and DNS)
- obviously that was when I first got into using
Linux -
(everything at University was unix and I used
Amiga - but unfortunately my last full time
employment required a Windoze PC on my desk so
I fell to the dark side for a while ... though
I did use a Mac rather than a Windoze PC for a
lot longer than anyone else at my job :-) And
my desktop was also a VAXStation 4000, the PC
got very little use)
Anyway, once I got to running 3 full time Linux
servers I was regularly port scanned and also
have been hacked into on a number of occasions!
In the past year I also had two Linux PC's of
a friend of mine at my place since I have a
permanent connection and my own subnet
(hmmm ... should I admit that in public?)
and out of the 6 Linux PC's I had until recently
when all got rearranged, 5 of them had been
hacked into and 1 of the 5 I could not log into
except in single user mode! (That was one of the
two my friend owns)
Now as an aside, all of the "hacking in" has
occurred on computers without proper firewall
protection (my friend didn't want his 2 covered
by my somewhat tight firewall security that I
finally implemented after my computers had been
hacked a few times - so after the firewall was
set up only those two computers were compromised
- and this is not a challenge to anyone - so
please don't!!!!!)
I also packet log ALL remote access to my network
(30Gb HDD using tcpdump and that gives me plenty
of IP addresses that are attacking my network
every day - I wish it was worth reporting the
addresses and attack times somewhere - every
time I try my emails are just ignored!)
Now I have no idea why I am a regular target for
port scans and hackers (though I think it may be
common for anyone with a permanent subnet) but I
certainly do not mind having to turn services on
rather than having to go through turning them
off and missing some along the way.
I actually thought that 7.1 was great with regards
to this!
As for sendmail, yes I had the same problem and
had no idea what was wrong but kept looking and
looking for about an hour until I found the 127.0.0.1
in sendmail.mc and read the comment there that
says to comment it out (and found the README
comment a week later :-)
The makefile in /etc/mail also helps :-)
I did a full install of 7.1 (and I am sure many
newbies out there like to do that too ... it gives
you all the software available :-) and every day I
get people trying to relay through my 4 mail
servers - so I can certainly see where RedHat is
coming from when they close it off and expect you
to read the README and open it up yourself.
I really have to admit that if it really is that
much of a burden to work out why sendmail isn't
working (and you didn't bother to read the README)
then maybe Linux isn't the OS for you.
WinHat????? Yeah right - get a reality check.
Don't go near procmail :-) that took me almost a
week of scouring the internet and reading FAQ's
to work out how to get it to do everything I
wanted :-) since I hadn't ever used it before.
(and there is a real fun one there that I still
haven't found any documentation for: if you want
to move an email to a folder with spaces in the
directory and/or filename then you must put a
"\" before each space of the target dir/file in
the .procmailrc file)
Oh and just to throw in a counter example ... procmail
is enabled by default - I thought that was cool that
it was assumed that anyone would like to use procmail
yet it is far from intuitive how to write a
.procmailrc file :-) :-) :-)
-Cheers
-Andrew Smith
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
>> Sent: Sunday, July 15, 2001 10:37 PM
>> To: [EMAIL PROTECTED]
>> Subject: Re: Sendmail Weirdness, Or Welcome to WinHat 7.1
>>
>> And my first point remains unanswered. What's the point of even
>> installing sendmail if you break it on purpose? This is
>> email! That sort
>> of demands extra-local functionality. The ability to retrieve email
>> across a network is considered to be a basic service of a
>> networked OS.
>> I'd like to see a readily available networked mode.
>
> Your request is close to: "why don't those RH guys ship it
> preconfigured as an open mail relay".
> No, believe me, the way it is shipped currently is good. For an
> experienced admin. it is very easy to make it listen to addresses
> different from the loopback address. And you need to configure it
> anyway to make it work, not?
>
> What I don't like however is the movestuff patch. The sendmail
> distribution has its configuration/settings file at much more
> convenient places.
>
> --
> Vik
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
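
Added example (not part of the original message or of Red Hat's files): a small audit of a sendmail.mc for the loopback-only listener discussed above, run on a constructed sample before and after the line is commented out. The exact DAEMON_OPTIONS line and the function names are assumptions; the message only mentions "the 127.0.0.1 in sendmail.mc".

```python
import re

# Constructed sample in the style of a sendmail.mc file; the exact
# DAEMON_OPTIONS line is an assumption (the post only mentions "the 127.0.0.1").
SAMPLE_LOOPBACK = """\
dnl Constructed sample, not a real system's file.
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl Comment out the next line to accept mail from the network.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
"""
# The same file after the edit the post describes: the line is commented out.
SAMPLE_OPENED = SAMPLE_LOOPBACK.replace("DAEMON_OPTIONS", "dnl DAEMON_OPTIONS")

DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")
DNL_RE = re.compile(r"\bdnl\b")


def listeners(mc_text):
    """Return one dict of lower-cased options per active DAEMON_OPTIONS line."""
    found = []
    for line in mc_text.splitlines():
        # m4 discards everything from "dnl" to end of line (simplified:
        # a "dnl" inside m4 quotes is not handled specially here).
        active = DNL_RE.split(line, maxsplit=1)[0]
        for match in DAEMON_RE.finditer(active):
            opts = {}
            for pair in match.group(1).split(","):
                key, _, value = pair.partition("=")
                opts[key.strip().lower()] = value.strip()
            found.append(opts)
    return found


def classify(mc_text):
    """'loopback-only' if every listener is bound to loopback, else 'network'."""
    active = listeners(mc_text)
    if not active:
        return "network"  # no DAEMON_OPTIONS: sendmail's default listens on all interfaces
    for opts in active:
        addr = opts.get("addr", "")
        if not (addr.startswith("127.") or addr in ("localhost", "::1")):
            return "network"
    return "loopback-only"


if __name__ == "__main__":
    for name, text in (("shipped", SAMPLE_LOOPBACK), ("edited", SAMPLE_OPENED)):
        print(name, classify(text), listeners(text))
```

A "network" result only says the SMTP port is reachable from other hosts; whether the server relays for them is a separate sendmail setting.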