I've set up email alerts on AIX Servers. so that i can get email notifications (via mail relay server) when ever there is abnormal behavior.
for example
1) my script monitors CPU/disk/memory etc... when it reaches high water ark, it will send an email alert.
2) disk usage alerts
3) errpt output to my email
4) syslog events..etc
will it affect my AIX LPAR system security because of this ? i mean mail relay server is not unix based.
note: we do not have any kind of security scanner / anti-virus software on LPARs.
You're more than likely sending text messages; however, it possibly exposes a bit of network information of your company...but then you have a firewall to prevent this. In this case, you can install anti-virus and mail scanning on your machine where you receive email if necessary.
First off, if you are sending mails that does not mean you have to receive them too. Just limit (effectively forbidding) mail receipt.
Second, there are no known viruses for AIX at all, so what would you need a virus scanner for? Virus scanner are for Windows machines because the OS is so poorly designed that there is an avalanche of malware possible and an equal avalanche of ways to apply same open. This is not so with AIX.
Third: viruses and other malware do not spread by magic. The most common way to infect machines is to have mail programs automatically execute every executable attachment they receive. This is simply not the case with AIX's mail client. So even if you would receive a mail containing malware and even if your setup is not to drop incoming mail without notice and even if it would do damage if run: you, as the receiver of the mail, would still have to consciously run it to execute it all. Until this it is just another string of data and harmless.
thanks much for clarifying the things related to mail/security on AIX.
@blackrageous
Thanks for the response.
my main concern was not to affect the AIX LPAR security. Actually am not much concerned about my work station. We already have anti-virus s/w on my work station (PC). ty
@bakunin
Thanks for the detailed explanation. really appreciate your input.
I understand that sending email from AIX server to windows/out side wont affect. but other way in case if execute any malicious program.
last question for now...
is there any way that we can restrict incoming mails to AIX from mail server/some other sources ? (*we should be able to SEND out from AIX at the same time)
This is what i meant: yes, you can configure the MTA (in most cases sendmail ) to send mail but block/discard any incoming mail at all.
I suggest you get a good book on sendmail (there is one from O'Reilly i can suggest) and start reading - or you hire some expert to do it for you. Explaining how to configure this complex beastie over the internet and via a forum is way beyond the scope of here, sorry. (There is a reason why books have been written about the configuration of sendmail.)
Thank you for the information. Sorry I didn't mean to get the full explanation. I was curious whether you guys have some tips on top of your head. I will look into the appropriate docs.