Re: Telnet port 25

From: JOHN HAMBLETON (jhamblet_at_NMU.EDU)
Date: 12/11/03

  • Next message: Bob.Kelley_at_BRINKSINC.COM: "power4 vs power4+" 
    Date:         Thu, 11 Dec 2003 10:07:24 -0500
To: aix-l@Princeton.EDU

    I used IPSec to accomplish this task. With IPsec you
    can block specific: IP addresses, protocols, ports, and
    either incoming or outgoing. It's a lot like Linux's IPTables.
    I have my port 25 blocked on ingress to all IP's except
    localhost. IPsec is found on the AIX installation media set,
    and you administer it through Smit.
    John H
    jhamblet@nmu.edu

    Robert Miller wrote:

    >Not sure if it's possible with vanilla sendmail, it may be... but I
    >wonder if you could do such a thing with TCPWrappers? If you could
    >start sendmail using TCPWrappers, that would allow you to use the
    >hosts.allow and hosts.deny files to say which boxes could talk to your
    >smtp port...
    >
    >Not sure if it's possible... anyone know if this even sounds feasible?
    >
    >--rm
    >
    >-----Original Message-----
    >From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
    >Miller, Dave (I.S.)
    >Sent: Wednesday, December 10, 2003 10:31 AM
    >To: aix-l@Princeton.EDU
    >Subject: Re: Telnet port 25
    >
    >
    >Thanks for the replies.
    >Maybe I should ask/approach this way...can I limit telnet to respond
    >only to certain IP addresses, or sendmail relays for that matter?
    >thanks
    >
    >-----Original Message-----
    >From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
    >Sent: Wednesday, December 10, 2003 12:22 PM
    >To: aix-l@Princeton.EDU
    >Subject: Re: Telnet port 25
    >
    >
    >smtp runs on port 25. You do not need sendmail running to send mail out
    >of
    >a box. Once you stop sendmail, telnet to port 25 will be closed.
    >
    >BV
    >--------------------------------------------------------
    >
    >"If everything is coming your way, then you are in the wrong lane"
    >
    >Bill Verzal
    >AIX Administrator, Komatsu America
    >(847) 970-3726 - direct
    >(847) 970-4184 - fax
    >
    >
    >
    > "Miller, Dave
    > (I.S.)"
    > <Dave.Miller@BHS.
    >To
    > ORG> aix-l@Princeton.EDU
    > Sent by: IBM AIX
    >cc
    > Discussion List
    > <aix-l@Princeton.
    >Subject
    > EDU> Telnet port 25
    >
    >
    > 12/10/2003 11:10
    > AM
    >
    >
    > Please respond to
    > IBM AIX
    > Discussion List
    > <aix-l@Princeton.
    > EDU>
    >
    >
    >
    >
    >
    >
    >Can someone point me in the write direction as to how I would easily
    >disallow telnet to port 25, but still allow telnet to port 23?
    >
    >
    >I.e. I don't want to be able to telnet to port 25 and send mail, but I
    >still want to run sendmail, and allow telnet... or am I looking at this
    >wrong? Thanks.
    >
    >
    >
    >
    >
    >
    >
    >
    >CONFIDENTIALITY NOTICE: This email communication and any attachments may
    >contain confidential and privileged information for the use of the
    >designated recipients named above. If you are not the intended
    >recipient,
    >you are hereby notified that you have received this communication in
    >error
    >and that any review, disclosure, dissemination, distribution or copying
    >of
    >it or its contents is prohibited. If you have received this
    >communication
    >in error, please reply to the sender immediately or by telephone at
    >(413)
    >794-0000 and destroy all copies of this communication and any
    >attachments.
    >For further information regarding Baystate Health System's privacy
    >policy,
    >please visit our Internet web site at http://www.baystatehealth.com.
    >
    >
    >-----------------------------------------
    >
    >CONFIDENTIALITY NOTICE: This email communication and any attachments may
    >contain confidential and privileged information for the use of the
    >designated recipients named above. If you are not the intended
    >recipient, you are hereby notified that you have received this
    >communication in error and that any review, disclosure, dissemination,
    >distribution or copying of it or its contents is prohibited. If you have
    >received this communication in error, please reply to the sender
    >immediately or by telephone at (413) 794-0000 and destroy all copies of
    >this communication and any attachments. For further information
    >regarding Baystate Health System's privacy policy, please visit our
    >Internet web site at http://www.baystatehealth.com.
    >

  • Next message: Bob.Kelley_at_BRINKSINC.COM: "power4 vs power4+"

    Relevant Pages

    • Re: Telnet port 25
      ... encryption with IPSec but IPSec is billed as a firewall. ... >>Not sure if it's possible with vanilla sendmail, ... telnet to port 25 will be closed. ... >>communication in error and that any review, disclosure, dissemination, ...
      (AIX-L)
    • Re: To IPSec Packet Filter OR Not To IPSec Packet Filter - that is the question
      ... an IPSec policy that should be sufficiently restrictive for your purposes. ... Client's Source port is ANY ... then how can I create an IPSec filter that blocks all ...
      (microsoft.public.win2000.security)
    • RE: Well, were getting closer. Still having issues installing B itTorrent.
      ... well it isn't really a bittorrent problem but rather a python one. ... I would check with the port maintainer if my ... This email communication is intended as a private communication for the sole ... Cette communication par courrier électronique est une communication privée à ...
      (freebsd-questions)
    • Re: Explain this about threads
      ... Basically I'm trying to do synchronous communication with the parallel ... I guess I'm curious at this point as to why you want to use this kernel ... the unmanaged parallel port access via CreateFile, ... If I do spinwaitthen I'm guaranteed a atleast whatever maximum time ...
      (microsoft.public.dotnet.languages.csharp)
    • RE: TCP/IP Filtering problem on W2KAS
      ... These are definitely legitimate security concerns of the Win2K ... I have employed this technique to bypass IPSec port ... Port filtering with IPSec leaves you vulnerable because only the source port ...
      (Focus-Microsoft)