I need an email server, or something
Matthew Carpenter
mcarpenter at intelguardians.com
Sat Oct 27 13:38:20 PDT 2007
On Sunday 21 October 2007, Michael Hipp wrote:
> David A. Bandel wrote:
> > On 10/19/07, Michael Hipp <Michael at hipp.com> wrote:
> >> I support Linux servers scattered hither and yon. I'd like for them to
> >> send me various emails when bad things happen or to report on this or
> >> that.
> >>
> >> Problem is, many of them are served by ISPs whose smtp server requires
> >> authentication. I often do not have access to the login credentials. I
> >> don't want to store login credentials for my own email server on these
> >> servers owned by clients (and not under my physical control).
> >> Additionally, lots of these ISPs block outbound port 25.
> >
> > 1. Put up an e-mail server, use a non-standard port (like 8025), have
> > them e-mail directly to you on that port (part of your script).
> >
> > 2. Use the submissions port on your server and only accept from those
> > IPs (so spammers can't take advantage).
> >
> > 3. Forget e-mail and just stream the data to a server of yours.
> > Along those same lines, have the other server just do FTP to your
> > server.
> >
> > There are more ways, but this should give you some food for thought.
>
> Thanks. I think some combo of #1 and #2 is what I'll try.
Good. Do.
Whatever you do, do *not* use SNMP over the Internet. Even locking down the
firewall to only allow SNMP from the correct host, the traffic is UDP (making
the source IP address easily spoofed), and the "credentials" are still handed
through the Internet clear-text. There was talk of some improvement, but
I've never heard any traction on it to date. This is one vector I look for
while penetration-testing a client's network.
SNMP is for monitoring systems within your own network.
David's suggestions hold water. They should work fine, and I've done them
myself. The other option is to attempt using SMTPS on port 465. If that's
allowed through, you get both encryption and a standard port.
Otherwise, I might take David's idea and use a port redirector like stunnel
and inetd) to grab the high port and redirect it to localhost:25, simplifying
your email config.
$0x02
--
Matthew Carpenter
mcarpenter at intelguardians.com
http://www.intelguardians.com
PGP Fingerprint:
87EB 54A8 FB42 0A0E B8AE CDA7 FF99 2A64 E70F 4466
hkp://wwwkeys.pgp.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.celestial.com/pipermail/linux-users/attachments/20071027/6f18af71/attachment-0002.bin
More information about the Linux-users
mailing list