Subject: Re: /etc/hosts.deny, SMTP and user bellyaching
From: Infrastructure Dept. (infrastructureNARELLAN.NET)
Date: Wed Oct 11 2000 - 08:35:46 CDT


I am doing exactly what you have, well sort of. I'm doing

ipop3d:PARANOID

because I do other things for other inet services. The PARANOID part of this
forces a forward and reverse DNS lookup. If the host does not resolve
forward and reverse to be the same host it is denied. I advise keeping this
for most services. I do DNS for all my mail customers so I know it's done
right.

-----Original Message-----
From: Focus on Linux Mailing List
[mailto:FOCUS-LINUXSECURITYFOCUS.COM]On Behalf Of Don Felgar
Sent: Friday, October 06, 2000 7:48 PM
To: FOCUS-LINUXSECURITYFOCUS.COM
Subject: /etc/hosts.deny, SMTP and user bellyaching

Anyone have practical advice on allowing mail to be delivered from
mis-configured hosts? People often try to send email to my users, only to
be rebuked as follows (from daemon.log):

    Oct 1 11:51:05 ns tcplogd: smtp connection attempt from 200-221-72-147.dsl-sp.uol.com.br [200.221.72.147]
    Oct 1 11:51:06 ns in.smtpd[8612]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(200-221-72-147.dsl-sp.uol.com.br) failed

My /etc/hosts.deny line 15 reads "ALL:PARANOID", provided by Debian. I've
sent email to some of these hosts and gotten problems fixed. I've added
SMTP:host entries in /etc/hosts.allow, but the problem doesn't seem to be
going away. I'm hoping there's a better way which is not appreciably less
secure. Should I add SMTP:ALL in /etc/hosts.allow? What are you all doing?

Thanks in advance.
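
Added example, not part of either message and not tcp_wrappers' own code: a Python sketch of the forward and reverse DNS comparison the reply describes for PARANOID, run against constructed DNS data so it works offline. The function names, lookup tables and example.net hosts are assumptions; only the uol.com.br name and address come from the log above, where the forward lookup of the reverse name fails.

```python
import socket

def system_reverse(addr):
    """PTR lookup through the system resolver; None when no name is returned."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return None

def system_forward(name):
    """Forward lookup through the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def paranoid_check(addr, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name) for a client address.

    verdict is 'verified' only when the reverse name resolves forward to a
    set of addresses that contains the connecting address.
    """
    name = reverse(addr)
    if name is None:
        return ("no-reverse", None)       # address has no PTR name at all
    addrs = forward(name)
    if not addrs:
        return ("forward-failed", name)   # the case logged in the thread
    if addr not in addrs:
        return ("mismatch", name)         # PTR claims a name that points elsewhere
    return ("verified", name)

# Constructed DNS data (hypothetical, apart from the host taken from the log).
PTR = {
    "200.221.72.147": "200-221-72-147.dsl-sp.uol.com.br",
    "192.0.2.10": "mail.example.net",
    "198.51.100.7": "mail.example.net",
}
A = {"mail.example.net": ["192.0.2.10"]}  # no forward record for the DSL name

def classify_demo(addr):
    """Run the check against the constructed tables instead of live DNS."""
    return paranoid_check(addr, PTR.get, lambda name: A.get(name, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "200.221.72.147", "198.51.100.7", "203.0.113.5"):
        print(ip, *classify_demo(ip))
```

Calling `paranoid_check(addr)` with the default resolvers performs the same comparison against live DNS, which is useful for checking a sending host before deciding whether to add an exception for it.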