[PLUG] Re: [eug-lug]Spam Filtering With Remote Access

Cooper Stevenson cooper at cooper.stevenson.name
Fri Jul 18 11:27:01 UTC 2003


On Fri, 2003-07-18 at 11:22, Cory Petkovsek wrote:

> What is not correct?
> Are you refuting that accessing a samba share across the internet is
> insecure?  Or are you saying my interpretation of your setup is not
> correct. 

Your interpretation of my setup is not correct. I mean, how does one do
SMB communications through the mail client? That's a dialog box I
haven't seen yet :-). It's through IMAP. Trust me.

>  You had said the system may be one system and it may not have
> a firewall.  Logic leads us to believe that samba would be on a
machine
> plugged directly in to the internet.  

No, it's a smbmount pointing to an NT server on the Linux box. The files
themselves are on another machin on the internal subnet. See to my
comment about adding a second NIC with routing to be doubly secure.

> Without a firewall, this is not
> secure.  Without a firewall, how can you require all communications to
> occur through port 143?

Reject the traffic with IP tables. Better to have a firewall.

> 
> Also port 143 is for imap without ssl, which means plain text
passwords
> having access to not only an imap server but also a file server
through
> imap and is even less secure with greater liability than using samba.

Pardon me. IMAPS, port 993. My mistake.

-- 
--------------------------------------------------------------
| Cooper Stevenson        | Em: cooper at cooper.stevenson.name |
| Open Source Consultant  | Ph: 541.924.9434                 |
--------------------------------------------------------------






More information about the PLUG mailing list