[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The mailq service



> On Mon, 29 Jun 1998, Oleg Polyanski wrote:
> > > Maybe it's a stupid question, but how do I stop remote machines to connect
> > > to port 174/TCP when running zmailer? I definitely don't want people to
> > > look at the mail queue on the local server. 
> > > How do I tell zmailer not to accept any connections to that port (at least
> > > from the outside, I still want the mailq command to work locally)
> > 	use tcp wrappers.
>
> Won't work. Zmailer daemons are not invoked via the inet superserver, they
> are started from the command line and "daemonized" - they listen on the
> ports in question on their own. The tcp wrappers never get in their way -
> that is unless I can use the wrappers from within zmailer? I was looking
> for information on this topic, but alas to no avail... ;-((

  ./configure ...  --with-tcp-wrappers=...

They work from within, naturally.

>    Well, I
> thought that adding the mailq service to /etc/inetd.conf and denying
> access to it in /etc/hosts.deny would work - the assumption was that inetd
> and thus tcp wrappers will get the connection first and refuse it. But
> that doesn't work. strobe still reports the mailq service on tcp port
> 174....

And after you have tcp-wrapper code in, the strobe will still report that
the mailq service replies -- but the strobe does not TEST to see, if it
really works.  (Strobe does connect(), and then close(), doesn't it?)

/Matti Aarnio <mea@nic.funet.fi>