On Sun, 2003-04-06 at 21:14, Steve Meyers wrote:
> On Sun, 2003-04-06 at 19:45, Andrew Jorgensen wrote:
> > Except that on Debian Exim runs in inetd by default. The inetd that 
> > your system has by default can't bind to specific addresses, but 
> > xinetd can. Or you can change Exim so it runs as a daemon.
> 
> Good catch.  I have mine running as a daemon, I forgot that it comes as
> inetd by default.  I definitely recommend apt-get install xinetd.

I actually run mine as a daemon too. So, I was able to configure the
"local_interface" directive in exim.conf. I also got my other services
working too. The Squid one was a little funky, had to configure it under
the http_port directive. That is a little weird. I set it to
127.0.0.1:8080. DansGuardian and pdnsd had a similar directive as well.
We really should standardize common options in config files, or at least
their format. If I have 10 services running, I have to know 10 different
config file formats and directives.

Anyway, now I have only those services exposed where they /need/ to be,
which in my book is a great way to minimize damage in the event of a
vulenerability in one of the services. I also like to have minimal
public services exposed on my firewall in general. Currently, only ssh
is exposed on all fronts. Apache, DansGuardian, and DNS are only
available to the internal network, and Exim and Squid are available only
to localhost. Seems to be working pretty well. Depending on where you
are when you nmap my firewall, you'll get a totally different view of
services. Not that I want you all nmap'ing me. :)

Thanks for the help. :) Linux rules.

--Dave


____________________
BYU Unix Users Group 
http://uug.byu.edu/ 
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list

Reply via email to