Thanks for the suggestion to read about tcpwrappers. I have also read the Security Quick-start howto and found it useful.
One problem I am still coming to grips with is email. I am running qmail out of xinetd and using tcp-env for the smtp service. I tried putting the qmail daemons into hosts.allow (ie: qmail-smtpd: ALL), and then ALL:ALL in hosts.deny, but it denied access to all incoming emails. At the moment, I have ALL: PARANOID set in hosts.deny, but this won't allow some incoming emails and gives an error on the line where I have the line .domain.com.au set in hosts.allow, where ns.domain.com.au is our nameserver. Anyone know how I let all emails to our domain through, whether or not I can do a lookup on them? I know that our DNS works fine as I get the same error using a machine at home from a different ISP and different DNS server. I am assuming that hosts that fall into the PARANOID category must not have their DNS files setup right, or they may not be legitimate users. I suppose the other option is to try and run qmail using daemontools and uspci as the qmail manuals and life with qmail suggests. Thanks Rob.... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
