HPE Community
Operating System - HP-UX
1837874 Members
3692 Online
110122 Solutions
New Discussion

SMTP-Turn It OFF?

 
SOLVED
Go to solution
Global Server Operation
Frequent Advisor

‎08-31-2004 05:55 AM

‎08-31-2004 05:55 AM

SMTP-Turn It OFF?

HP 9000/L3000 OS 11.i


I am asked to satisfy an audit request to turn off SMTP and Finger. How do I do this?
0 Kudos
Reply
10 REPLIES 10
Sridhar Bhaskarla
Honored Contributor

‎08-31-2004 06:01 AM

‎08-31-2004 06:01 AM

Solution

Re: SMTP-Turn It OFF?

Hi,

To turn-off sendmail running as a daemon, do

/sbin/init.d/sendmail stop and then edit /etc/rc.config.d/mailservs and make export SENDMAIL_SERVER=0. Make sure you don't have a sendmail process running ( ps -ef|grep sendmail). With it you will not be able to receive mail on the box unless it is internal.

To turn-off finger, edit /etc/inetd.conf and comment out the line that starts with finger. It's a good idea to look at other lines and comment them out if you don't use them. For ex., tftp, ntalk, ident etc., Once the editing is done, refresh inetd configuration using the command 'inetd -c'.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Jeff_Traigle
Honored Contributor

‎08-31-2004 06:02 AM

‎08-31-2004 06:02 AM

Re: SMTP-Turn It OFF?

SMTP:

1. /sbin/init.d/sendmail stop
2. Edit /etc/rc.config.d/mailservs
3. Set SENDMAIL_SERVER=0
4. Save and quit

finger server:

1. Edit /etc/inetd.conf
2. Comment finger entry (Put # in front of it)
3. Save and quit
4. inetd -c
--
Jeff Traigle
Reply
Pratyush Paul_1
Valued Contributor

‎08-31-2004 04:01 PM

‎08-31-2004 04:01 PM

Re: SMTP-Turn It OFF?

Hi -

You need to comment out the smtp port 25 in your /etc/services too.

Thanks

Pratyush
Die Hard
Reply
Global Server Operation
Frequent Advisor

‎08-31-2004 09:15 PM

‎08-31-2004 09:15 PM

Re: SMTP-Turn It OFF?

I stopped the daemon for sendmail but I did not comment out smtp in /etc/services. I will do this. I commented out finger in /etc/services and it was already commented out in /etc/inetd.conf. I was still able to use the finger command. Is there anything else I need to do for turning off finger?
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎09-01-2004 02:14 AM

‎09-01-2004 02:14 AM

Re: SMTP-Turn It OFF?

Stopping finger by commneting it out in the /etc/inetd.conf stops other servers from remotely running a finger on the server.

finger will always work on the local host - unless you remove the binary...

/usr/bin/finger

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Reply
Jeff Schussele
Honored Contributor

‎09-01-2004 02:30 AM

‎09-01-2004 02:30 AM

Re: SMTP-Turn It OFF?

Commenting out SMTP is /etc/services is not really necessary. As long as the SendMail daemon is not running, nothing will be listening on port 25.
Just make sure you set SENDMAIL_SERVER=0 in the /etc/rc.config.d/mailservs file so it won't start at boottime.

My $0.02,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Global Server Operation
Frequent Advisor

‎09-01-2004 02:51 AM

‎09-01-2004 02:51 AM

Re: SMTP-Turn It OFF?

What about commenting ot finger in /etc/services? Will that harm anything?
0 Kudos
Reply
Jeff Schussele
Honored Contributor

‎09-01-2004 03:00 AM

‎09-01-2004 03:00 AM

Re: SMTP-Turn It OFF?

No - it won't harm anything.
/etc/services is just a lookup file so the system can put a name on a service.
Although in a few cases it can stop a service from responding. It all depends on how the service is coded. If the code *requires* a services entry then commenting it out can halt the service. But not all do that.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-01-2004 03:05 AM

‎09-01-2004 03:05 AM

Re: SMTP-Turn It OFF?

Hi,

/etc/services is a mere lookup file for service to port. Most of the programs have been designed to get their port information from /etc/services (getservent) than having the port hardcoded in the code. So, uncommenting it in services is an extra measure.

inetd is responsible for listening at this port for fingered. If 'finger' is not present in /etc/services will cause inetd to give out the error "unknown service". But turning off finger in inetd.conf is the sureway to disable finger.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
Global Server Operation
Frequent Advisor

‎09-01-2004 03:22 AM - last edited on ‎09-16-2024 02:09 AM by

‎09-01-2004 03:22 AM - last edited on ‎09-16-2024 02:09 AM by

Re: SMTP-Turn It OFF?

Thanks everyone. I really appreciate the feedback. Very helpful information.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.