
	Search: For: ~ Advanced Search

Support Home > Signature > Administration >

Thursday, August 28, 2008

Controlling Services

You can control various services on the server that are started by an inetd-type process such as telnet, ftp, smtp, pop, or imap. When a connection is received by the system for one of these services, the system looks for the configuration file (~/etc/hosts.allow) that contains instructions on how to handle these services.

To configure your server to deny troublesome IPs, you can create and edit the ~/etc/hosts.allow file.

The generic format of the hosts.allow file is described in hosts_options, section (5).

To read the hosts_options man page:

Connect to your server using SSH and type the following:

% man 5 hosts_options

Some implementation details are specific to the system that differ from the manpage documentation:

The daemon_list is actually a service_list. The services are specified by name as listed in /etc/services. Since some services are run on multiple ports (such as smtp), any instructions to manage these should include smtp (port 25), submission (port 587), and aol (port 5190).

The only supported options are: allow, deny, twist, and setenv.

Each hosts.allow file edit example listed below works independently of the others. As soon as a connection is matched to the appropriate service/client pair, the processing of the file ends. Therefore, order is significant in the arrangement of the rules within the hosts.allow file.

The following procedures assume that you have logged in to your server using SSH and have created and opened the ~/etc/hosts.allow file in an editor.

To create the hosts.allow file:

Type the following: cd ~/etc

vi hosts.allow

To block incoming mail from certain IP addresses:

Type the following:

smtp submission aol : 192.168.1.1 : deny

To block incoming mail from everywhere except certain whitelisted IP addresses:

Make entries that "allow" in the file before entries that will "deny" or "refuse." Type the following:

smtp submission aol : 192.168.2.2 : allow

smtp submission aol : ALL : deny

To cleanly deny service and request that the sender retry later:

Type the following:

smtp submission aol : ALL : twist /bin/echo "450 account busy, please try/ later."

To provide a more descriptive reason for blocking:

Type the following:

smtp submission aol : 192.168.1.1 : twist /bin/echo "550 Connection refused/ --too much spam from your IP"

To set optional directives which influence the behavior of the process (if the service uses environment variables):

Type the following:

smtp submission aol : 192.168.2.2 : allow

smtp submission aol : ALL : setenv RBL : setenv RBLONLYHEADER : RBLLIST /usr/home/[user]/etc/rbllist

To disable Telnet, thereby forcing shell access through SSH:

Type the following:

telnet : ALL : deny

To tighten security on FTP (if you know where people will be uploading content from you):

Type the following:

ftp : 192.168.2.2 : allow

ftp : 192.168.2.3 : allow

ftp : ALL : deny

Technical Support

°	Getting Started Guides
	FreeBSD
°	Basic Hosting Help
°	Signature Hosting Help
°	VPS v1 Help
°	VPS v2/3 Help
°	MPS v2/3 Help
	Linux
°	VPS v3 Help
°	MPS v3 Help
	SaaS
°	Sugar CRM
	DNS
°	Domain Name Service
°	Domain Registration
°	Help Desk
°	Knowledgebase
°	Support Policies
°	Disclaimer

°	AlpineWeb Home
°	Compare Hosting Plans
°	Network Topology

°	Rates & Fees
°	Order Center

Home | Site Map | Customer Backroom