Cliff Hayes wrote:
> My shiny new mimedefang servers (7 of them) are all running smoothly. I've
> asked the boss to contribute financially to your cause.
Do the servers have some intercommunication going on? If so you might
want to make a list of the services they share and allow connections
from your mimedefang servers only.
> Now I have to deal with the jerks. I started out running with no firewall
> (not comfortable with that) and have the typical ssh probes. I didn't want
> to try to mess with a firewall and end up blocking something mimedefang
> and/or spamassassin was doing. Here is a list of ports I've accumulated. I
> have two questions:
> a) Please let me know if I've missed anything.
> b) If I do miss something, how will it make itself known? maillog? some
> other log?
I use a firewall package that spams via syslog if you tell it to.
> port list:
> 7 (vipul's razor)
> 25 (smtp mail)
> 123 (for ntpd time updates)
> 1023 (dcc)
> 2703 (vipul's razor)
> 6277 (dcc)
> 24441 (pyzor)
I assume you are talking about firewalling both ways, i.e. firewalling
outgoing connections as well as incoming connections. I would suggest
you start with incoming connections only. This is a lot easier, as
you control the machine that is going to make outgoing connections
(besides your software ofc). Besides, on an outgoing mailserver lots of
ports will be used to connect to other machines, updates, DNS lookups
etc. If you are going to filter outgoing ports, only filter the high level
ones, 1 - 1024; the rest is kinda pointless.
ports opened on the SMTP server from the net:
- for incoming email
1. 25 (SMTP)
2. 465 (SMTP over SSL)
3. 2525 (another smtp port for people whose ISP blocks outgoing smtp)
- pop / imap
4. 110 (POP3)
5. 995 (POP3 over SSL)
6. 143 (IMAP)
7. 993 (IMAP over SSL)
ports opened on the SMTP servers from internal only
8. 783 (spamassassin)
ports opened on the helper machines for internal use only
9. 10020 (spamassassin load balancer, mimedefang connects to this one)
10. 3306 (shared stats, spamscores, blocks etc via mysql)
Furthermore I would suggest opening up 22 from the net so you can
access all the machines (another port, say 22022, would help against those
scans but I never bothered).
Hope it helps,
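As an added example (not from either poster), here is a dry-run script that turns the port sets listed in the reply into an iptables INPUT policy: the public mail ports and 22 open to everyone, 783 open only to the internal network, and the helper ports 10020 and 3306 open only to the mimedefang hosts. It prints the commands instead of executing them so they can be reviewed before being run as root. The internal network 10.0.0.0/8 and the two mimedefang addresses are placeholder assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not the mailing-list author's configuration.
# Generates (does not apply) an iptables INPUT chain from the port
# groups described in the reply. Run as "sh thisfile.sh | sh" only
# after reviewing the output, and only as root.

INTERNAL_NET="${INTERNAL_NET:-10.0.0.0/8}"        # placeholder: your LAN
MD_SERVERS="${MD_SERVERS:-10.0.1.10 10.0.1.11}"    # placeholder: mimedefang hosts

NET_PORTS="25 465 2525 110 995 143 993 22"         # reachable from the net
INTERNAL_PORTS="783"                               # spamassassin, internal only
HELPER_PORTS="10020 3306"                          # helper boxes, mimedefang hosts only

rule() { printf 'iptables %s\n' "$*"; }

gen_rules() {
    rule -P INPUT DROP
    rule -A INPUT -i lo -j ACCEPT
    # Replies to the server's own outbound traffic (razor, DCC, pyzor, NTP,
    # DNS) come back through conntrack, so no inbound ports for them.
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $NET_PORTS; do
        rule -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $INTERNAL_PORTS; do
        rule -A INPUT -p tcp -s "$INTERNAL_NET" --dport "$p" -m state --state NEW -j ACCEPT
    done
    for host in $MD_SERVERS; do
        for p in $HELPER_PORTS; do
            rule -A INPUT -p tcp -s "$host" --dport "$p" -m state --state NEW -j ACCEPT
        done
    done
    # Log what is dropped (rate limited) so a missed port shows up in syslog.
    rule -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    rule -A INPUT -j DROP
}

# How many ACCEPT rules a given port receives; handy for eyeballing the policy.
port_rule_count() { gen_rules | grep -c -- "--dport $1 "; }

gen_rules
```

The ESTABLISHED,RELATED rule is what answers the worry about breaking mimedefang's own lookups: razor, DCC, pyzor and NTP are outbound connections, and conntrack lets their replies back in without any inbound port being opened. The LOG rule in front of the final DROP answers question b) in the quoted mail: anything the policy blocks appears in the kernel log via syslog with the FW-DROP prefix.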