HPE Community
Operating System - HP-UX
1752679 Members
5486 Online
108789 Solutions
New Discussion юеВ

Re: blocking sendmail ports 25 and 587

 
SOLVED
Go to solution
Dave Cast
Frequent Advisor

тАО06-23-2008 08:43 AM

тАО06-23-2008 08:43 AM

blocking sendmail ports 25 and 587

I have an HPUX 11.31 server and am trying to block ports 25 and 587 to comply with a security audit....here's my ipf.conf file:

block in quick proto tcp from any to any port = 25
block in quick proto tcp from any to any port = 587

I then load with:
ipf -Fa -Ad -f /etc/opt/ipf/ipf.conf

and get no errors...I can see the rules are active with:

ipfstat -ioh
empty list for ipfilter(out)
0 block in quick on lan2 proto tcp from any to any port = 25
0 block in quick on lan2 proto tcp from any to any port = 587

but when I run a scan with nmap from my workstation both 25 and 587 are still showing open...

I should say that I didn't have any problems getting this working my HPUX 11.0 servers...

What gives?
Today is different and tomorrow the same.
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

тАО06-23-2008 08:57 AM

тАО06-23-2008 08:57 AM

Re: blocking sendmail ports 25 and 587

Shalom,

Perhaps the ipf daemon itself is not running.

Check the startup script in /sbin/init.d

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Tim Nelson
Honored Contributor

тАО06-23-2008 08:58 AM

тАО06-23-2008 08:58 AM

Re: blocking sendmail ports 25 and 587

what if you just turned of smtp and whatever service is running on port 587 ?

If no service is running then nothing can talk to them ?

Reply
Dave Cast
Frequent Advisor

тАО06-23-2008 09:35 AM

тАО06-23-2008 09:35 AM

Re: blocking sendmail ports 25 and 587

> Shalom,

>Perhaps the ipf daemon itself is not running.

>Check the startup script in /sbin/init.d

>SEP

here's my ps output:

ps -ef|grep -i ipmon
root 24740 18103 0 13:22:55 pts/0 0:00 grep -i ipmon
root 23999 1 0 13:06:31 ? 0:00 ipmon -sD

I've restarted it also to make sure - to no avail...any other ideas? I've tried several different rules (specifying lan2 instead of any, etc.)
Today is different and tomorrow the same.
0 Kudos
Reply
Jeeshan
Honored Contributor

тАО06-23-2008 10:07 PM

тАО06-23-2008 10:07 PM

Solution

Re: blocking sendmail ports 25 and 587

Hi Dave

better you check out the docs from docs.hp.com for IP Filter

http://www.docs.hp.com/en/5991-7705/index.html
a warrior never quits
Reply
Steve Lewis
Honored Contributor

тАО06-24-2008 05:30 AM

тАО06-24-2008 05:30 AM

Re: blocking sendmail ports 25 and 587

1. Are there any other rules in the ipf.conf, above those sendmail rules but which have 'quick' specified. They may cause it to jump out before the ones you want.

2. You can also stop sendmail listening on those ports by editing /etc/rc.config.d/mailservs and specifying SENDMAIL_SENDONLY=1, then stop and start sendmail with /sbin/init.d/sendmail stop ; /sbin/init.d/sendmail start.

Its a better way than trying to use ipfilter. It won't stop you sending mail out from the server but it stops it receiving.

Reply
Dave Cast
Frequent Advisor

тАО06-24-2008 06:06 AM

тАО06-24-2008 06:06 AM

Re: blocking sendmail ports 25 and 587

Well I found out what the problem was - I thought it was going to be something really stupid and it was...in HPUX 11.0 once you define the rules, run /sbin/init.d/ipfboot, and run ipf -Fa -f /etc/opt/ipf/ipf.conf the firewall is ON! NOT SO in 11.31...after the aforementioned steps you must run ipfilter -e
to enable it....


*#&@#$%$^)(^&#$@ IT!
Today is different and tomorrow the same.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.