Re: what ports does sendmail /popper use?
From: Jason Baugher (jason@baugher.pike.il.us)
Date: 05/28/02
From: "Jason Baugher" <jason@baugher.pike.il.us> Date: Tue, 28 May 2002 11:04:27 -0500
Are you blocking EVERYTHING but 110, 53, and 25? You need to allow incoming
packets for ports above 1024, for the return connection. For example, I
just established a connection from my Redhat box to my ISP's mail server. I
connected to port 25 on their end, but the return connection is to port 1692
on my end (see this with netstat -t).
What exactly are you wanting to accomplish? Your message reads like your
mail server is internal, and you want to firewall it from the internet, yet
allow it to receive and send mail through the firewall with sendmail, accept
pop connections from outside the firewall, and be able to do DNS lookups for
mail purposes. First, don't block anything above 1024 unless you have a
specific reason to do so (proprietary app using a high port number). Block
everything incoming above 1024. Open 25/tcp in. Open 110/tcp in. Done.
No reason to block anything outgoing, unless, again, you have a specific
reason to do so.
--
Jason Baugher
Virtual Adept Professional Consulting Services
1406 Adams St.
Quincy, IL 62301
(217) 221-5406
http://baugher.pike.il.us/virtualadept
jason@baugher.pike.il.us

"mischa" <mischa@megapathdsl.net> wrote in message news:uf6qpj8r2buo3d@corp.supernews.com...
> Yeah, that's the thing that's confusing me since I have port 53 udp and tcp
> open and still get the failure to resolve error. Could it have something to
> do with icmp being blocked?
>
> "Vladimir P." <vladimir@NoSpamPLZ.net> wrote in message
> news:6IJI8.27350$l25.1295707@weber.videotron.net...
> > On 28 May 2002 06:09:02 GMT, those who know me have no need of my name wrote:
> > ><5nAI8.17996$SQ4.1103147@wagner.videotron.net> divulged:
> > >
> > >>You can get away (and should try) with 53/udp only...
> > >
> > > silly. you'll cause failures when the response is larger than your
> > > resolver can handle using udp.
> > >
> >
> > Bind lover, eh? He CAN get away with that, provided there are no
> > zone transfers. Any regular query should be less than 512 bytes and
> > udp will do just fine... Having said that, I do have 53/tcp open
> > on my fw :)
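
Added example (not part of the original post or thread): a small Python model of the mail-server traffic discussed in the message. It compares a stateless filter that admits only 25/110 inbound, the same filter with inbound ports above 1024 opened, and connection tracking, a technique the thread does not mention. The packets, every port number other than 25, 53, 110 and 1692, and all names in the code are constructed for illustration.

```python
from collections import namedtuple

# Constructed packets; IP addresses are omitted to keep the model small.
Packet = namedtuple("Packet", "name direction proto src_port dst_port")

SERVICE_PORTS = {("tcp", 25), ("tcp", 110)}  # inbound SMTP and POP3

TRAFFIC = [
    Packet("smtp-out", "out", "tcp", 1692, 25),       # server connects to a remote MTA
    Packet("smtp-reply", "in", "tcp", 25, 1692),      # return packet to port 1692
    Packet("dns-query", "out", "udp", 1053, 53),
    Packet("dns-reply", "in", "udp", 53, 1053),
    Packet("pop3-client", "in", "tcp", 40000, 110),   # outside user fetching mail
    Packet("unsolicited", "in", "tcp", 40001, 8080),  # nothing asked for this
]


def services_only(pkt, flows):
    """Stateless: inbound packets must be addressed to 25 or 110."""
    return pkt.direction == "out" or (pkt.proto, pkt.dst_port) in SERVICE_PORTS


def services_plus_high_ports(pkt, flows):
    """Stateless: also accept any inbound packet to a port above 1024."""
    return services_only(pkt, flows) or pkt.dst_port > 1024


def stateful(pkt, flows):
    """Connection tracking: accept replies only for flows this host opened."""
    if pkt.direction == "out":
        flows.add((pkt.proto, pkt.src_port, pkt.dst_port))
        return True
    reply_of = (pkt.proto, pkt.dst_port, pkt.src_port)  # port pair swapped
    return (pkt.proto, pkt.dst_port) in SERVICE_PORTS or reply_of in flows


def dropped(policy):
    """Return the names of the packets the given policy drops."""
    flows = set()
    return [p.name for p in TRAFFIC if not policy(p, flows)]


if __name__ == "__main__":
    for policy in (services_only, services_plus_high_ports, stateful):
        print(f"{policy.__name__:26} drops {dropped(policy)}")
```

The first policy drops the SMTP and DNS replies along with the unsolicited packet, the second drops nothing at all, and the third drops only the unsolicited packet.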