Re: Accepting external sendmail on 2.0.2

From: Igor Sobrado (igor_at_string1.ciencias.uniovi.es)
Date: 07/11/05

    Date: 11 Jul 2005 19:27:14 +0200
    
    

    Martin Neitzel <neitzel@marshlabs.gaertner.de> wrote:
    >
    > There is certainly a historical reasoning.
    >
    > The very point of the X Window System was to be network-oriented.
    > Clients run on a computationally capable host while the I/O is done
    > on a network node capable of doing graphics, at its extreme just an
    > X terminal.

    I really like running remote clients on a local server, but it can
    be done now using ssh (with or without a -X flag).

    > In this setting, it doesn't make much sense if an X11 server would
    > only accept local connections. Clients are most probably run elsewhere.
    > (These days, capable stand-alone workstations / PCs have become
    > prevalent, but "stand-alone" was not the setting the X Window System
    > was developed for.)

    I like maintaining some graphical applications centralized and running
    them remotely. I think that X11 *must be* networked; that is a big
    difference from other servers. Sometimes, I also want to run applications
    that are not available on a platform/operating system (e.g., I like
    running some IRIX and Solaris applications that are based on X11...
    support for SGI extensions would be great but it is not available
    on X11 servers). Remote execution of graphical applications is very
    useful, sometimes a requirement.

    On the other hand, I do not like XDMCP a lot. It makes no sense
    to me because I do not have X/Terminals and I do not run non-Unix
    operating systems. :-)

    > The X protocol takes care of separating good from bad clients.
    > (RTFM X11(1), xhost(1), xauth(1).) By default, external clients
    > do _not_ have access to an X server. "Listening on external interfaces"
    > is not the same as "accepting any external connection". An important
    > difference you fail to make in your observation.

    Only because I was not aware of that difference!!! :-)

    I suppose that if a process is listening on an external interface,
    it can be used (or at least "tested") by any system. I do not put
    a lot of trust in the security features implemented in these listeners.
    I agree that these listeners are not accepting external connections by
    default, but perhaps there is a vulnerability in the daemons that can be
    exploited before rejecting communication. If there is a standard
    way to reject the three-way TCP connection handshake on these ports,
    services can be trusted, though.

    Is there a way to show processes that are listening but not accepting
    external connections using, let us say, netstat?

    > This is in stark contrast to, say, SMTP, a protocol which by default
    > is willing to talk with anybody. (Or rather: used to do so. Email
    > submissions are now confined to local scope with the (recent) split
    > between MTA vs. SMP processes.)

    Certainly, email management must be greatly improved. Connection
    between arbitrary SMTP servers has not been possible since the mid-90s
    in most organizations, but spam is still a serious problem. We need
    a robust and secure email infrastructure, but we need compatibility
    with current proposal too. It is nice to know that submissions
    now have a local scope; I really hope that it will be a nightmare
    for spammers.

    > PS: FWIW, I'm rather surprised of the "vi" mentioning. vi(1) is listening
    > to the net? Please tell me more.

    No! vi(1) using an MTA for sending email about lost files to local
    users!!! :-)))

    I think that vi(1) does not write to the mail spool (at least it should
    not do that). It is better to manage email using an MTA, as it will have
    fewer bugs than an external program. It is better to trust a good MTA
    for managing the mail spool.

    Cheers,
    Igor.
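
Added example, not part of the original message: a shell filter that classifies TCP listeners in `netstat -an` output by bind address, which is as far as netstat can go toward the question asked above. netstat reports only where a socket is bound, so a listener that accepts the TCP connection and then refuses the client at the protocol level (the xhost/xauth case) looks the same as one that talks to anybody. The sample output is constructed and assumes the BSD column layout (`address.port`); the function names are illustrative.

```shell
#!/bin/sh
# Classify TCP listeners from `netstat -an` (BSD layout) by bind address.

# Constructed sample in BSD `netstat -an` layout; not captured from a real host.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  *.6000                 *.*                    LISTEN
tcp        0      0  127.0.0.1.25           *.*                    LISTEN
tcp        0      0  192.0.2.10.22          *.*                    LISTEN
tcp        0      0  192.0.2.10.22          198.51.100.7.51514     ESTABLISHED
tcp6       0      0  ::1.25                 *.*                    LISTEN
udp        0      0  *.514                  *.*'

# Reads netstat output on stdin; prints "scope address port" per TCP listener.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        la = $4
        port = la; sub(/^.*\./, "", port)      # text after the last dot
        addr = la; sub(/\.[^.]*$/, "", addr)   # text before the last dot
        if (addr == "127.0.0.1" || addr == "::1")
            scope = "loopback"            # unreachable from other hosts
        else if (addr == "*")
            scope = "all-interfaces"      # handshake completes for any peer
        else
            scope = "specific-address"
        print scope, addr, port
    }'
}

# Ports whose TCP handshake can be completed from another host. Whether the
# daemon then refuses the client (X access control) is not visible here.
reachable_ports() {
    classify_listeners | awk '$1 != "loopback" { print $3 }' |
        sort -n | uniq | paste -sd ' ' -
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live system, pipe `netstat -an` into `classify_listeners` instead of the sample; Linux netstat prints `address:port`, so the two `sub()` patterns would need a colon in place of the dot.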

