From owner-freebsd-security Sat Sep 23 6:15:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id 01E2437B43E for ; Sat, 23 Sep 2000 06:15:48 -0700 (PDT) Received: (qmail 20033 invoked by uid 0); 23 Sep 2000 13:15:46 -0000 Received: from p3ee20a92.dip.t-dialin.net (HELO speedy.gsinet) (62.226.10.146) by mail.gmx.net with SMTP; 23 Sep 2000 13:15:46 -0000 Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id OAA13959 for security@FreeBSD.ORG; Sat, 23 Sep 2000 14:29:22 +0200 Date: Sat, 23 Sep 2000 14:29:22 +0200 From: Gerhard Sittig To: security@FreeBSD.ORG Subject: Re: sendmail default run state Message-ID: <20000923142922.F5065@speedy.gsinet> Mail-Followup-To: security@FreeBSD.ORG References: <200009222012.e8MKCRF12785@cwsys.cwsent.com> <20000923004924.A35072@mithrandr.moria.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20000923004924.A35072@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Sat, Sep 23, 2000 at 12:49:24AM +0200 Organization: System Defenestrators Inc. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Sep 23, 2000 at 00:49 +0200, Neil Blakey-Milner wrote: > On Fri 2000-09-22 (23:37), David Pick wrote: > > > > [ ... ] > > Is there a way to tell sendmail what IP addresses to bind? Put a wrapper around it. Have per interface instances of inetd running (there are options for specifying the IP as well as the conf file). Or wrap your (TCP) services in the ucspi-tcp package. This will provide you fine grained control over accessibility, rate limits, memory consumption, env var controllable features, etc. > My thinking is that people who start firewalling things are > quite able to change the option the way they like. Unless there's a recent(?) development towards the urban legend that "firewall functionality can be bought". More and more (new) sysadmins believe in distributors to provide a working firewall they just have to set two or three variables for - but not more, since this would stress them more than they could bear. I hope I'm wrong with this imression, but experience makes me think I'm not. :( virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message