develooper Front page | perl.qpsmtpd | Postings from January 2007

Re: xinetd page (Re: How to get started with qpsmtpd?)

From: James Turnbull
Date: January 23, 2007 23:55
Subject: Re: xinetd page (Re: How to get started with qpsmtpd?)
Message ID: 45B710E0.9060707@lovedthanlost.net

Hans Salvisberg wrote:
> James Turnbull wrote:
>> What I meant to add was that the xinetd page got rolled into the
>> deployment options summary - it seemed unnecessary to have a page
>> dedicated to x(inetd) alone - the content of the page was changed to
>> mention Peter's patch. I'll update the
>> http://wiki.qpsmtpd.org/deploy:start page with the results of the
>> current discussion.
> 
> I felt some pieces were missing, that's why I kept digging for the old
> page.

I've added some comments to the page reflecting today's discussions.

> BTW, in many places there's talk about "the RPM", but for the
> uninitiated it's difficult to find the RPMs -- Peter doesn't even have a
> link on his home page! As they seem to be considered another somewhat
> official distribution option, it would be helpful to have a link from
> http://smtpd.develooper.com/get.html

I'll go through the Wiki and link references to the RPM.

> BTW2, in your very interesting book (I've barely scratched the surface)
> you advocate obfuscating the MTA banner and version. qpsmtpd's SMTP
> dialog is pretty cute if not downright frivolous. What's your stand here?

Well.  My opinion on this varies depending on the MTA.  It's a minor
advantage to obfuscate the MTA and version but sometimes every edge
counts.  I wrote a couple of tools several years ago to scan MTAs and
return banners and sort by types and versions.  The idea being to find
vulnerable servers - this is especially true of Sendmail installations.
In my experience a lot of attackers use similar methods to 'sweep' up
vulnerable hosts.  If they can't determine if you're vulnerable they
just might pass you by.  Of course, if they are specifically targeting
you they'll just try every possible attack technique on your ports.

Ultimately, it's a minor change and a minor advantage but I felt it was
worth covering. I've not done it to my qpsmtpd installations but it's on
the list somewhere. :)

Regards

James Turnbull

-- 
James Turnbull <james@lovedthanlost.net>
---
Author of Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)

Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
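
A defender-side check for the banner disclosure discussed in the message above, as an added example that is not part of the original post or of qpsmtpd: it parses SMTP 220 greetings collected from your own servers and reports whether each one names the MTA product or version. The product list, the function names and the sample greetings are assumptions constructed for illustration.

```python
import re

# Product names to look for (assumed, non-exhaustive list for this example).
PRODUCTS = ("sendmail", "postfix", "exim", "qpsmtpd")
# Dotted number such as 8.13.8 or 0.32; dates and times contain no dots.
VERSION = re.compile(r"\b\d+(?:\.\d+)+\b")

def greeting_text(raw):
    """Join a 220 greeting (one or more lines); None if it is not well formed."""
    lines = raw.strip().splitlines()
    parts = []
    for i, line in enumerate(lines):
        m = re.match(r"220([ -])(.*)$", line)
        if not m:
            return None
        # "220-" marks a continuation line, "220 " the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            return None
        parts.append(m.group(2).strip())
    return " ".join(parts) if parts else None

def audit_banner(raw):
    """Report which MTA details a greeting reveals to anyone who connects."""
    text = greeting_text(raw)
    if text is None:
        return {"level": "invalid", "product": None, "version": None}
    # Skip the first token: it is the host name and may contain dots and digits.
    rest = text.split(" ", 1)[1] if " " in text else ""
    product = next((p for p in PRODUCTS if re.search(rf"\b{p}\b", rest, re.I)), None)
    match = VERSION.search(rest)
    version = match.group(0) if match else None
    if product and version:
        level = "product+version"
    elif product or version:
        level = "partial"
    else:
        level = "none"
    return {"level": level, "product": product, "version": version}

# Constructed sample greetings (not captured from real hosts).
SAMPLES = [
    "220 mail.example.org ESMTP Sendmail 8.13.8/8.13.8; Tue, 23 Jan 2007 23:55:00 +1100",
    "220 mx.example.net ESMTP qpsmtpd 0.32 ready; send us your mail, but not your spam.",
    "220-mx.example.com ESMTP Postfix\r\n220 mx.example.com no unsolicited mail",
    "220 smtp.example.edu ESMTP",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit_banner(s)["level"], "<-", s.splitlines()[0])
```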


