Block tcp/25 Services (telnet host 25)



Hi Dudes

How can we block the tcp/25 Services with tcp wrapper under Solaris10?
The entry in /etc/hosts.deny "smtp: ALL" doesn't work...

We can still connect with -> telnet host 25

thanks for your support

regards

0
Reply cypherpunks119 (10) 5/18/2006 9:34:20 AM

cypherpunks <cypherpunks@rocketmail.com> wrote:
> How can we block the tcp/25 Services with tcp wrapper under Solaris10?
> The entry in /etc/hosts.deny "smtp: ALL" doesn't work...
> We can still connect with -> telnet host 25

That's because sendmail isn't called by inetd but does the listening
on tcp/25 itself, so tcp wrappers aren't involved.

What you're looking for is in /etc/mail/sendmail.cf:
# SMTP daemon options
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1,Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E

HTH,
Jens
-- 
Jens Goerke, mobilcom Server Systeme
Postadresse: Mobilcom, Hollerstr. 126, 24782 Buedelsdorf
Besucheradresse: Am Friedrichsbrunnen, Ahlmannhallen
Tel: +49-(0)4331-69-5505 Fax: +49-(0)4331-69-5588
0
Reply j 5/18/2006 9:40:08 AM


j.goerke@mobilcom.de wrote:
> cypherpunks <cypherpunks@rocketmail.com> wrote:
>> How can we block the tcp/25 Services with tcp wrapper under Solaris10?
>> The entry in /etc/hosts.deny "smtp: ALL" doesn't work...
>> We can still connect with -> telnet host 25
> 
> That's because sendmail isn't called by inetd but does the listening
> on tcp/25 itself, so tcp wrappers aren't involved.

That's only partly true, as sendmail in Solaris 10 has been linked
against libwrap.so (see ldd /usr/lib/sendmail), so it *does* use
TCP wrappers.

To the OP: I haven't tried, but I think you need to specify "sendmail"
instead of "smtp" in the hosts.deny file.

mp.
-- 
Systems Administrator | Institute of Scientific Computing | Univ. of Vienna
0
Reply Martin 5/18/2006 11:48:53 AM

Hi mp

The same problem with the sendmail entry in the /etc/hosts.deny file.
We can still connect to the host with telnet host 25

cu

0
Reply cypherpunks 5/18/2006 1:24:16 PM

"cypherpunks" <cypherpunks@rocketmail.com> writes:

>Hi mp

>The same problem with the sendmail entry in the /etc/hosts.deny file.
>We can still connect to the host with telnet host 25

Tcp wrappers need to be enabled in sendmail and inetd.

Casper
0
Reply Casper 5/18/2006 1:33:28 PM

>> On 18 May 2006 06:24:16 -0700,
>> "cypherpunks" <cypherpunks@rocketmail.com> said:

> Hi mp The same problem with the sendmail entry in the
> /etc/hosts.deny file.  We can still connect to the host with
> telnet host 25

Is there something in hosts.allow that is letting the
connection in (so that hosts.deny never gets looked at)?

hth
t
0
Reply Tony 5/18/2006 1:39:27 PM

cypherpunks <cypherpunks@rocketmail.com> wrote:
> The same problem with the sendmail entry in the /etc/hosts.deny file.
> We can still connect to the host with telnet host 25

I don't think that sendmail will drop the TCP connection on a libwrap
denied host (which is the behavior you get with inetd tcp wrappers).  I
think it will send a 550 when you try to set up the SMTP connection
inside.

Have you tried to send mail through the telnet, or are you just checking
whether the TCP connection succeeds?

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
0
Reply Darren 5/18/2006 4:25:02 PM

Hi

I don't think so...

Here are our files

root@wsterra# more /etc/hosts.allow
swat: LOCAL
sshd: ALL
in.ftpd: LOCAL 160.59.200.0/255.255.255.0 160.59.206.78
root@wsterra# more /etc/hosts.deny
in.telnetd: ALL
in.ftpd: ALL
in.rlogind: ALL
sendmail: ALL
ALL: ALL

cu

0
Reply cypherpunks 5/19/2006 6:39:15 AM
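
An added example, not part of any post in this thread: a simplified Python model of the lookup order raised above (hosts.allow first, then hosts.deny, first match wins), run against the two files just posted. It handles only the ALL, LOCAL, net/mask and literal client patterns, and the function names are hypothetical.

```python
import ipaddress

# The files posted in the thread, embedded as sample input.
HOSTS_ALLOW = """\
swat: LOCAL
sshd: ALL
in.ftpd: LOCAL 160.59.200.0/255.255.255.0 160.59.206.78
"""
HOSTS_DENY = """\
in.telnetd: ALL
in.ftpd: ALL
in.rlogind: ALL
sendmail: ALL
ALL: ALL
"""

def client_matches(pattern, ip, hostname):
    """Simplified subset of client patterns (assumption: no wildcards or operators)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":  # host name without a dot
        return bool(hostname) and "." not in hostname
    if "/" in pattern:  # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern in (ip, hostname)

def first_match(rules, daemon, ip, hostname):
    """Return the first rule line matching (daemon, client), or None."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        dlist = daemons.replace(",", " ").split()
        clist = clients.replace(",", " ").split()
        if ("ALL" in dlist or daemon in dlist) and any(
                client_matches(c, ip, hostname) for c in clist):
            return line
    return None

def decide(daemon, ip, hostname="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match at all means allow."""
    hit = first_match(allow, daemon, ip, hostname)
    if hit:
        return ("allow", hit)
    hit = first_match(deny, daemon, ip, hostname)
    return ("deny", hit) if hit else ("allow", None)

if __name__ == "__main__":
    print(decide("sendmail", "10.1.2.3"), decide("sendmail", "10.1.2.3", deny="smtp: ALL\n"))
```

With a deny file containing only "smtp: ALL", the model finds no rule for the daemon name sendmail and allows the client, while the posted file denies it on "sendmail: ALL".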

Hi

Ok. Now it works

We can connect to port 25, but we can't send emails

550 5.0.0 Access denied

thank you

0
Reply cypherpunks 5/19/2006 8:21:51 AM

In <1148026911.710616.39370@j33g2000cwa.googlegroups.com> "cypherpunks" <cypherpunks@rocketmail.com> writes:


>Ok. Now it works

>We can connect to port 25, but we can't send emails

>550 5.0.0 Access denied

Why don't you just shut down the SMTP server?

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-
0
Reply Gary 5/19/2006 1:05:29 PM
