Topic: Newbie: close services

[Jonas Karlsson]

Hello, I wan't to do the following:

1. Close the ftp service since I don't use it. Is it enough to remove the ftp hostname in the web interface? (don't think so).

2. Only use the mail server for outgoing mail, not incoming. The clients can get it directly from another server. I've heard that smtp is unsafe, is that true for the default e-smith configuration?

Thank you in advance for the help!

Jonas

[Gordon Rowell]

Jonas Karlsson wrote:
>
> Hello, I wan't to do the following:
>
> 1. Close the ftp service since I don't use it. Is it enough
> to remove the ftp hostname in the web interface? (don't think
> so).

www.e-smith.org/docs/manual, in particular 9.2

> 2. Only use the mail server for outgoing mail, not incoming.
> The clients can get it directly from another server. I've
> heard that smtp is unsafe, is that true for the default
> e-smith configuration?

No, e-smith's SMTP configuration is designed with security as a prime goal. We use a secure email system, and protect it with additional restrictions (running under a protected user in what is known as a chroot() jail).

Gordon

[Jonas Karlsson]

Thank you Gordon for the nice reply!

The reason for my question was that I tried the online port scanning at http://www.grc.com ("Probe my ports" under the "Test my shields" section) and wanted to avoid having an open ftp-port. From the manual, it sounds like only allowing internal users writing files may allow external users reading files, so the port may show up on scans anyway. But I'll go through the manual very carefully and check the different options.

I'm now considering only using the gateway and mail server parts of e-smith (no ftp or web server), since it may be a good idea to avoid services that are not absolutely necessary.

The SMTP configuration was better than I had expected, very nice to learn about that.

Thanks for helping a e-smith newbie!


Best wishes,

Jonas

[gollem]

I saw a patch on the board last week and if you applied it you got a services option in the e-smith manager. You could then enable/disable all kinds of services including FTP.
Problem is: I can't find the message anymore.

[Jason Miller]

Hi gollem and Jonas,

   It isn't actually a patch, but a contributed module that might make it into the product at some later date.  It can be found here:

ftp://ftp.e-smith.com/pub/e-smith/contrib/JayMiller/RPMS/noarch/

e-smith-service-control-1.1.0-01.noarch.rpm  

   It was created for 4.1 but *should* still work in 4.1.1 and 4.1.2.  It has the usual caveats about user contributed code: unsupported, etc. etc.

   Hope it helps.
   
   Regards,

   Jay

[gollem]

Thanks Jay.