On Sun, 2003-04-06 at 21:14, Steve Meyers wrote: > On Sun, 2003-04-06 at 19:45, Andrew Jorgensen wrote: > > Except that on Debian Exim runs in inetd by default. The inetd that > > your system has by default can't bind to specific addresses, but > > xinetd can. Or you can change Exim so it runs as a daemon. > > Good catch. I have mine running as a daemon, I forgot that it comes as > inetd by default. I definitely recommend apt-get install xinetd.
I actually run mine as a daemon too. So, I was able to configure the "local_interface" directive in exim.conf. I also got my other services working too. The Squid one was a little funky, had to configure it under the http_port directive. That is a little weird. I set it to 127.0.0.1:8080. DansGuardian and pdnsd had a similar directive as well. We really should standardize common options in config files, or at least their format. If I have 10 services running, I have to know 10 different config file formats and directives. Anyway, now I have only those services exposed where they /need/ to be, which in my book is a great way to minimize damage in the event of a vulenerability in one of the services. I also like to have minimal public services exposed on my firewall in general. Currently, only ssh is exposed on all fronts. Apache, DansGuardian, and DNS are only available to the internal network, and Exim and Squid are available only to localhost. Seems to be working pretty well. Depending on where you are when you nmap my firewall, you'll get a totally different view of services. Not that I want you all nmap'ing me. :) Thanks for the help. :) Linux rules. --Dave ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
