When localhost is not
/etc/hosts is a file where these entries should never be touched:
However, during my last trip to my VPS to fix my mail system after an opendkim update in Ubuntu 10.04, I found something interesting in netstat:
    $ sudo netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address ... PID/Program name
    ...
    tcp 0 0 173.212.238.58:8891 ... 15410/opendkim
Basically, when I specified localhost in opendkim configuration, it was listening on a public interface instead. Pinging localhost revealed it is actually a non-loopback address:
It looks like it's been this way since the very beginning, as my /etc/hosts had the following:
    # Auto-generated hostname. Please do not remove this comment.
    173.212.238.58 yankee.lappyfamily.net yankee localhost 204538 localhost.localdomain
And this was clearly a misconfiguration (I am sure 204538 is a good hostname).
I looked at my local Ubuntu installation and updated the VPS so that the hosts file became:
    127.0.0.1 localhost
    ::1 ip6-localhost ip6-loopback
    # Auto-generated hostname. Please do not remove this comment.
    173.212.238.58 yankee.lappyfamily.net yankee
After this I restarted all the applications that were supposed to listen on the loopback interface and verified the fix with netstat again.
First of all, you need to have a firewall configured on your servers and allow only trusted incoming connections to trusted applications. This is what prevented my opendkim installation from accepting the incoming requests from the internet.
Second, you need to verify that localhost actually refers to the loopback interface and does not resolve to your public one, as you have a fully qualified name for that purpose.
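One way to automate that second check is to audit the hosts file itself. The script below is an added example, not part of the original post; the function names and the list of names treated as loopback-only are assumptions, and the two embedded samples are the hosts files quoted above.

```python
import ipaddress

# Names that should only ever map to a loopback address (assumed list).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed samples: the two hosts files quoted in the post.
BEFORE = """\
# Auto-generated hostname. Please do not remove this comment.
173.212.238.58 yankee.lappyfamily.net yankee localhost 204538 localhost.localdomain
"""
AFTER = """\
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
# Auto-generated hostname. Please do not remove this comment.
173.212.238.58 yankee.lappyfamily.net yankee
"""

def entries(text):
    """Yield (lineno, ip, names) for each valid hosts line, comments stripped."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; skip the malformed line
        yield lineno, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (lineno, address, name) for loopback names bound to a non-loopback address."""
    return [(lineno, str(ip), name)
            for lineno, ip, names in entries(text) if not ip.is_loopback
            for name in names if name in LOOPBACK_NAMES]

def has_loopback_localhost(text):
    """True if some loopback address carries the name 'localhost'."""
    return any(ip.is_loopback and "localhost" in names for _, ip, names in entries(text))

if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        text = fh.read()
    for lineno, addr, name in audit_hosts(text):
        print(f"/etc/hosts:{lineno}: {name} -> {addr} (not loopback)")
    if not has_loopback_localhost(text):
        print("/etc/hosts: no loopback entry for localhost")
```

Run as a script it reads the live /etc/hosts; a clean file produces no output.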
I found that the control panel for the VPS I am using now generates the hostname line correctly, but that may not have been the case a year ago when I first got the VPS configured.