RE: Sendmail problem?

["Anthony E . Greene" <agreene pobox com>]

On Thu, 19 Aug 1999 18:54:28 Nigel Trivass wrote:
>Basically our customers complain that their emails 
>are bounced back to them. On linux, the same 
>number is dialed by the modem, and the same login 
>and password is used to connect to the ISP as used 
>by the Windows mail server. The linux machine is 
>connected to our ISP as and when required, however 
>the windows server remains attached constantly 
>during the day. Customers are reporting that their 
>email are bounced back overnight, and during the day. 

If the Linux box is not registered with the DNS, some 
domains will not accept your mail. The best way to
figure this out is to post the headers of one of the 
bounced messages to this list. It should be easy 
to isolate the problem.
 
>We have not configured sendmail to route mail, as 
>we are still learning the basics of linux. 
>[However it is important for us to have a separate 
>machine with direct access to the internet]. 
>Ultimately, it would be nice to set up the machine 
>so it could be used as an email server as and when 
>required. 
 
If you have not configured sendmail, then none of
your customers should be using it as their SMTP 
server. You should disable the service until you
have figured out how to set it up. Besides the
Mail-HOWTO, there are excellent instructions in the
MailHelp section of http://www.moongroup.com.

>I've been advised that certain services should be 
>turned off. Could you advise further?

Do a 'ps -aux' and if there are any services you 
do not recognize, check the associated manpage or
the documentation in /usr/doc to see if it is 
something you need. If not, turn it off using 
'ntsysv' at the command line. 

Also check /etc/inetd.conf. This lists services 
that are started by inetd as needed. They do not run
all of the time, so they will not be listed as 
processes in 'ps aux'. If you do not want inetd to
start a service, just comment it out by putting a
hashmark (#) at the beginning of the line in 
inetd.conf.

If the documentation for a service does not describe
it well enough for you to figure out if you need it, 
just post a question here.

After you figure out what services you need to keep 
running, you can restrict access to them. Services
that are started by inetd can be restricted by editing
/etc/hosts.allow and hosts.deny. These files are used
by tcpwrappers (tcpd) to control access to services.

You can start by putting "ALL:ALL" in hosts.deny
and "ALL:LOCAL" in hosts.allow. This will prevent 
all connections from other machines and allow any 
connection from the console or a dialup/serial 
connection to the Linux box. Network connections 
like telnet over PPP will not work.

Then you can allow connections that you may need. For
example you can allow telnet or FTP connections from 
IP addresses on your LAN. Ths procedure is described 
in the tcpd(8) and hosts_access(5) manpages:

	man 8 tcpd
	man 5 hosts_access

Tony
--
 Anthony E. Greene <agreene pobox com>
 Homepage & PGP Key <http://www.pobox.com/~agreene/>