Firewall Wizards mailing list archives
Re: SMTP Firewall
From: "Paul D. Robertson" <proberts () clark net>
Date: Fri, 10 Sep 1999 00:02:24 -0400 (EDT)
On Thu, 9 Sep 1999, Joseph S D Yao wrote:
Might be better to run a simpler e-mail proxy. But the reference to
A simpler e-mail normally proxy doesn't offer the ability to do complex protection things. It's a lot easier to do filtering, validation and even tunnel detection/prevention on a full to semi-full mail system than it is to do it on a simple proxy that's not offering much more than plug-gw. SMAP is an example of this. Look how long it took TIS/NAI to do anti-relay protection suitably in it. It's simple, but there's some benifit to having more complexity, balanced of course with viability and verifyability. You couldn't do dynamic anti-relay stuff for literally months. IOW, it's pretty easy to write a simple proxy, it's harder to offer more than minimal protection for a complex protocol with a simple proxy. When it comes to mail, if you follow the tennents that mail should *never* *ever* be lost, it's even more difficult to write something that checks for obscure system problems that would cause a file to be dumped at system failure.
inetd.conf is that he will edit out [rather than comment out] all OTHER network protocols served by 'inetd'. Perhaps better not even to run 'inetd'.
Depends on the mail system. I'd trust postfix or qmail/tcpserver to handle themselves well under both load and duress, other things I'd look for one of the modified inetds. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () clark net which may have no basis whatsoever in fact." PSB#9280
Current thread:
- SMTP Firewall Roy Stevens (Sep 07)
- Re: SMTP Firewall Randy Witlicki (Sep 07)
- Re: SMTP Firewall Chip Christian (Sep 08)
- Re: SMTP Firewall Joseph S D Yao (Sep 09)
- Re: SMTP Firewall Chip Christian (Sep 09)
- Re: SMTP Firewall Paul D. Robertson (Sep 10)
- Re: SMTP Firewall Chip Christian (Sep 08)
- Re: SMTP Firewall Randy Witlicki (Sep 07)
- Re: SMTP Firewall Joseph S D Yao (Sep 07)
- Re: SMTP Firewall Siglite (Sep 08)
- <Possible follow-ups>
- Re: SMTP Firewall Kenneth_W_Fox (Sep 08)
- Re: SMTP Firewall Roy Stevens (Sep 08)