Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Jonas Karlsson on April 26, 2001, 01:13:46 AM

Title: Newbie: close services
Post by: Jonas Karlsson on April 26, 2001, 01:13:46 AM

Hello, I wan't to do the following:

1. Close the ftp service since I don't use it. Is it enough to remove the ftp hostname in the web interface? (don't think so).

2. Only use the mail server for outgoing mail, not incoming. The clients can get it directly from another server. I've heard that smtp is unsafe, is that true for the default e-smith configuration?

Thank you in advance for the help!

Jonas

Title: Re: Newbie: close services
Post by: Gordon Rowell on April 26, 2001, 05:37:51 AM

Jonas Karlsson wrote:
>
> Hello, I wan't to do the following:
>
> 1. Close the ftp service since I don't use it. Is it enough
> to remove the ftp hostname in the web interface? (don't think
> so).

www.e-smith.org/docs/manual, in particular 9.2

> 2. Only use the mail server for outgoing mail, not incoming.
> The clients can get it directly from another server. I've
> heard that smtp is unsafe, is that true for the default
> e-smith configuration?

No, e-smith's SMTP configuration is designed with security as a prime goal. We use a secure email system, and protect it with additional restrictions (running under a protected user in what is known as a chroot() jail).

Gordon

Title: Re: Newbie: close services
Post by: Jonas Karlsson on April 26, 2001, 01:33:38 PM

Thank you Gordon for the nice reply!

The reason for my question was that I tried the online port scanning at http://www.grc.com ("Probe my ports" under the "Test my shields" section) and wanted to avoid having an open ftp-port. From the manual, it sounds like only allowing internal users writing files may allow external users reading files, so the port may show up on scans anyway. But I'll go through the manual very carefully and check the different options.

I'm now considering only using the gateway and mail server parts of e-smith (no ftp or web server), since it may be a good idea to avoid services that are not absolutely necessary.

The SMTP configuration was better than I had expected, very nice to learn about that.

Thanks for helping a e-smith newbie!


Best wishes,

Jonas

Title: Re: Newbie: close services
Post by: gollem on April 26, 2001, 04:09:38 PM

I saw a patch on the board last week and if you applied it you got a services option in the e-smith manager. You could then enable/disable all kinds of services including FTP.
Problem is: I can't find the message anymore.

Title: Re: Newbie: close services
Post by: Jason Miller on April 26, 2001, 08:07:15 PM

Hi gollem and Jonas,

   It isn't actually a patch, but a contributed module that might make it into the product at some later date.  It can be found here:

ftp://ftp.e-smith.com/pub/e-smith/contrib/JayMiller/RPMS/noarch/

e-smith-service-control-1.1.0-01.noarch.rpm  

   It was created for 4.1 but *should* still work in 4.1.1 and 4.1.2.  It has the usual caveats about user contributed code: unsupported, etc. etc.

   Hope it helps.
   
   Regards,

   Jay

Title: Re: Newbie: close services
Post by: gollem on April 27, 2001, 04:36:14 PM

Thanks Jay.