Firewall Wizards mailing list archives
Re: Rules for mailserver which is in internet zone ??
From: jseymour () LinxNet com (Jim Seymour)
Date: Fri, 12 Dec 2003 08:29:08 -0500 (EST)
Dilip M <dilipm () bristolindia com> wrote:
Hi, Consider that my mail machine is in internet zone and I do POP directly from that machine. What are the best rules to have on it to be secure??
I'm guessing you mean, by that, that you want to access the machine from the outside? Via the Internet?

I would move the POP server to a dedicated machine on a third network. E.g.:

    'net --- FW --- secure LAN
              |
              |
   semi-secure 3rd network
              |
         POP server

for starters. That machine would be locked-down, running nothing *but* popd. (And smtpd--see following.)

Secondly: You're going to need SMTP access to the same machine, no? Else how will clients *send* email? I don't think you want to poke a hole for SMTP through your firewall to your inside machine, on your "secure LAN," do you?

Speaking of SMTP: No matter which way you handle that, how will you handle identification/authentication to make sure clients using your SMTP server are *yours*, and not a spammer/cracker (attempting to) abuse it? SMTP AUTH (along with some IP-based restrictions to at least broad network ranges, if possible) would be your friend there, I should think. Or at least POP-before-SMTP.

This way, if your client email services machine is compromised, all that's at risk is your 3rd, not-quite-as-secure, network, rather than your secure LAN.

Speaking of compromise: On the client email services machine, I'd use a set of services that allowed me to create client email services that didn't require local user accounts, such as the Cyrus IMAP server suite, perhaps.

--
Jim Seymour                | Spammers sue anti-spammers:
jseymour () LinxNet com    | http://www.LinxNet.com/misc/spam/slapp.php
http://jimsun.LinxNet.com  | Please donate to the SpamCon Legal Fund:
                           | http://www.spamcon.org/legalfund/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
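The layout described in this message, written out as the firewall's forwarding policy. This is an added example, not part of the original post: Linux iptables is an assumed choice of firewall, and the interface names and the 192.0.2.25 mail-host address are constructed.

```shell
#!/bin/sh
# Added example: FORWARD policy for the three-legged layout in the message.
# Interface names and addresses are assumptions (RFC 5737 documentation range).
WAN_IF=${WAN_IF:-eth0}          # 'net side (assumed name)
LAN_IF=${LAN_IF:-eth1}          # secure LAN (assumed name)
DMZ_IF=${DMZ_IF:-eth2}          # semi-secure 3rd network (assumed name)
MAIL_IP=${MAIL_IP:-192.0.2.25}  # POP/SMTP host on the 3rd network (constructed)

# Print an iptables-restore ruleset; nothing is applied to the running system.
# LAN-to-Internet rules and the firewall's own INPUT/OUTPUT chains are site
# policy and are not shown.
mail_dmz_rules() {
    cat <<EOF
*filter
:FORWARD DROP [0:0]
# Replies to connections that were allowed when they started.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# From the 'net: SMTP (25) and POP3 (110), to the mail host only.
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $MAIL_IP -p tcp -m multiport --dports 25,110 -m conntrack --ctstate NEW -j ACCEPT
# Inside clients use the same host and the same two services.
-A FORWARD -i $LAN_IF -o $DMZ_IF -d $MAIL_IP -p tcp -m multiport --dports 25,110 -m conntrack --ctstate NEW -j ACCEPT
# Assumption: the mail host delivers outbound mail and resolves names itself.
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $MAIL_IP -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $MAIL_IP -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# No hole into the secure LAN: the 3rd network cannot open connections to it,
# and nothing from the 'net reaches it directly. Log DMZ attempts, then drop.
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN denied: "
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
-A FORWARD -i $WAN_IF -o $LAN_IF -j DROP
COMMIT
EOF
}

mail_dmz_rules
```

The output can be syntax-checked with `iptables-restore --test` before it is loaded. Deciding which SMTP clients may relay (SMTP AUTH, POP-before-SMTP) is done on the mail host, not in these packet rules.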