[Mailman-Users] Re: most secure final config

[Jamie L. Penman-Smithson]

On Mon, 05 Apr 2004 20:48:10 -0400, wslepecki scribbled down:
> Quick newbie question.  I am finishing installing a mailman server and I
> have a security/config question.  What ports do I need to open through
> my firewall, which direction, and how do I set up DNS.

Mailman either uses SMTP or sendmail to send mail to your local SMTP
server, Mailman leaves it to the SMTP server to handle distributing the
mail to its recipients.

If you're handing incoming and outgoing mail on the same server, you need
to have port 25 open both inbound and outbound.

> If im hunch is right, in the firewall, I open smtp out, pop3 in, and the
> server will work.  I don't want to open smtp in because I don't want
> people to hijack my smtp server.  Then again, does mailman have smtp?

You'll need to have some way for people to post to the mailing list -
it's pretty useless otherwise.

I don't know what MTA you're using - so I can't offer any specific advice
on MTA security. The biggest problem when running a mail server is
relaying, although most reasonable MTAs are now secured against relaying
out of the box. See http://mail-abuse.org/tsi/ar-fix.html

This is rather OT for this mailing list - if you still need help, try
posting to your distributions security mailing list,
news://comp.os.linux.security, or your MTAs mailing list or newsgroup.

HTH

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 04:30:01 up 1 day,  5:34,  9 users,  load average: 0.31, 0.26, 0.20