From: Paul D. Robertson (no email)
Date: Wed Jan 02 2002 - 08:43:55 EST
On Wed, 2 Jan 2002, Adrian Bolzan wrote:
> My boss has asked me to minimise contact between the internet and the
> internal network (understandable).
>
> Regarding e-mail, he thought that a smtp proxy would assist in this,
> although I realised that (a) it would be another server that could fail,
> need maintainance, etc.; and (b) postfix is very secure, as is linux (or
> can be).
>
> I really just wanted other people's opinion on this.
Make sure you're keeping the Linux machine up to date- things like the
recent glibc patch for glob() are important. Also ensure that you're
using local filtering on that box to ensure that nothing but Postfix and
it's necessary DNS queries are available to the world. Running multiple
services brings the chance of compromise up quickly- especially things
like FTP, or exposing admin interfaces (like ssh) to the entire planet
rather than just the admin's desktop or using console access only.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
which may have no basis whatsoever in fact."
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|