Date: Sun, 8 Sep 1996 08:56:03 +0100 (GMT+0100)
From: "Alain FAUCONNET" <af@biomath.jussieu.fr>
To: kurt@cyberbeach.net (Kurt Schafer)
Cc: questions@freebsd.org
Subject: Re: Sendmail...the saga
Message-ID: <199609080756.AA21345@iaka.biomath.jussieu.fr>
In-Reply-To: <1.5.4.32.19960908122054.008c93ac@post.cyberbeach.net> from "Kurt Schafer" at Sep 8, 96 08:20:54 am

Kurt Schafer wrote / a ecrit:
>
> Timeouts, timeouts, still timeouts on outbound mail.
>
> Would I be opening the gate to disaster if I were to set my Cisco to use
> the following filter rules for both incoming and outbound packets?
>
> permit icmp any any
> permit tcp any any
> permit udp any any
>

If you do that, make sure that you don't export filesystems by NFS
without restrictions on what clients can mount them (list of hosts or
netgroup). Also don't export any with root access enabled.

It would certainly be better if your NIS domain name is not obvious.
That would make life more difficult for someone who wants to download
your NIS passwd map.

These are the two things crossing my mind now, there are probably a lot
of others to check...

Oh, and if you're running a DNS server for your domain, make sure that
the CISCO allows connections to 53/udp and 53/tcp from outside. Also
allow connections to 113/tcp from outside (identd). These two gotchas
caused me some trouble when I worked on the access lists of our CISCO,
effectively causing long delays when connecting to some services (I can't
remember about mail, though).

_A_
-- 
Alain FAUCONNET     Ingenieur systeme - System Manager
AP-HP/SIM Public Health     91 bld de l'Hopital 75013 PARIS FRANCE
Medical Computing Research Labs
Mail: af@biomath.jussieu.fr
Tel: (+33) 1-40-77-96-19    Fax: (+33) 1-45-86-80-68
I've RTFMed. It says: "Refer to your system administrator"
But... I *am* the system administrator :-]
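
Added example, not part of the original message: a small audit for the two NFS points raised in the reply above, flagging export lines that name no client (host, netgroup or network) and lines that map remote root to local root. It assumes FreeBSD exports(5) syntax; the function name and the sample paths and hosts are constructed for illustration.

```python
# Audit sketch for FreeBSD-style /etc/exports (syntax per exports(5)).
# Everything in SAMPLE_EXPORTS is constructed for this example.
ROOT_IDS = {"0", "root"}

SAMPLE_EXPORTS = """\
# constructed sample, not taken from any real system
/usr/src      -ro buildhost1 buildhost2
/home         -alldirs -network 192.0.2.0 -mask 255.255.255.0
/var/spool
/export/root  -maproot=root adminhost
/scratch      -maproot=0
/data /data2  -mapall=nobody \\
              trustedhosts
"""

def audit_exports(text):
    """Return (directories, issue) tuples for risky export lines."""
    findings = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        tokens = iter(line.split("#", 1)[0].split())
        dirs, clients, root_mapped = [], [], False
        for tok in tokens:
            if tok.startswith("/"):
                dirs.append(tok)                  # exported directory
            elif tok.startswith("-"):
                name, _, value = tok[1:].partition("=")
                if name in ("network", "mask") and not value:
                    value = next(tokens, "")      # "-network 192.0.2.0" form
                if name == "network":
                    clients.append("net:" + value)
                elif name in ("maproot", "mapall"):
                    # value is user[:group...]; uid 0 keeps root privileges
                    root_mapped |= value.split(":")[0] in ROOT_IDS
            else:
                clients.append(tok)               # host name or netgroup
        if not dirs:
            continue
        where = " ".join(dirs)
        if not clients:
            findings.append((where, "no client restriction"))
        if root_mapped:
            findings.append((where, "root access enabled"))
    return findings

if __name__ == "__main__":
    for where, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{where}: {issue}")
```
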