|
|
@@ -1038,7 +1038,7 @@ Set the following properties:
|
|
1038
|
1038
|
TCP_PORTS="1,7,9,11,15,79,109,110,111,119,138,139,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
|
|
1039
|
1039
|
UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
|
|
1040
|
1040
|
|
|
1041
|
|
-ADVANCED_EXCLUDE_TCP="113,139,70,80,443,143,6670,993,5060,5061,25,465,22,5222,5223,5269,5280,5281,8432,8433,8444"
|
|
|
1041
|
+ADVANCED_EXCLUDE_TCP="113,139,70,80,443,587,143,6670,993,5060,5061,25,465,22,5222,5223,5269,5280,5281,8432,8433,8444"
|
|
1042
|
1042
|
ADVANCED_EXCLUDE_UDP="520,138,137,67,70,80,443,143,6670,993, 5060,5061,25,465,22,5222,5223,5269,5280,5281,8444"
|
|
1043
|
1043
|
|
|
1044
|
1044
|
SCAN_TRIGGER="2"
|
|
|
@@ -1139,7 +1139,7 @@ iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
|
|
1139
|
1139
|
|
|
1140
|
1140
|
# Drop UDP to used ports
|
|
1141
|
1141
|
iptables -A INPUT -p udp --match multiport --dports 70,80,443,143,6670,993,5060,5061,25 -j DROP
|
|
1142
|
|
-iptables -A INPUT -p udp --match multiport --dports 465,22,5222,5223,5269,5280,5281,8444 -j DROP
|
|
|
1142
|
+iptables -A INPUT -p udp --match multiport --dports 465,587,22,5222,5223,5269,5280,5281,8444 -j DROP
|
|
1143
|
1143
|
|
|
1144
|
1144
|
# Limit ssh logins
|
|
1145
|
1145
|
iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
|
@@ -1167,6 +1167,7 @@ iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 3/minute --limit-bur
|
|
1167
|
1167
|
# Limit SMTP/SMTPS connections
|
|
1168
|
1168
|
iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
1169
|
1169
|
iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
|
1170
|
+iptables -A INPUT -p tcp --dport 587 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
1170
|
1171
|
|
|
1171
|
1172
|
# Limit Bitmessage connections
|
|
1172
|
1173
|
iptables -A INPUT -p tcp --dport 8444 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
|
|
|
@@ -1455,7 +1456,7 @@ Save and exit.
|
|
1455
|
1456
|
#+BEGIN_SRC: bash
|
|
1456
|
1457
|
editor /etc/default/exim4
|
|
1457
|
1458
|
change SMTPLISTENEROPTIONS to:
|
|
1458
|
|
-SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
|
|
|
1459
|
+SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'
|
|
1459
|
1460
|
#+END_SRC
|
|
1460
|
1461
|
|
|
1461
|
1462
|
save and exit
|
|
|
@@ -6562,7 +6563,7 @@ The following ports on your internet router/firewall should be forwarded to the
|
|
6562
|
6563
|
| IMAP | 143 |
|
|
6563
|
6564
|
| IRC SSL | 6670 |
|
|
6564
|
6565
|
| SIP | 5060..5061 |
|
|
6565
|
|
-| SMTP | 25 |
|
|
|
6566
|
+| SMTP | 25,587 |
|
|
6566
|
6567
|
| SMTPS | 465 |
|
|
6567
|
6568
|
| SSH | 22 |
|
|
6568
|
6569
|
| XMPP | 5222..5223 |
|
Bob Mottram
11 年前