[PLUG] Re: [eug-lug]Spam Filtering With Remote Access
Cooper Stevenson
cooper at cooper.stevenson.name
Fri Jul 18 11:45:02 UTC 2003
Cory,
Please take this conversation off-list.
Sincerely,
Cooper Stevenson
On Fri, 2003-07-18 at 11:42, Cory Petkovsek wrote:
> On Fri, Jul 18, 2003 at 11:52:36AM -0700, Cooper Stevenson wrote:
> > On Fri, 2003-07-18 at 11:22, Cory Petkovsek wrote:
> >
> > > What is not correct?
> > > Are you refuting that accessing a samba share across the internet is
> > > insecure? Or are you saying my interpretation of your setup is not
> > > correct.
> >
> > Your interpretation of my setup is not correct. I mean, how does one do
> > SMB communications through the mail client? That's a dialog box I
> > haven't seen yet :-). It's through IMAP. Trust me.
> If my interpretation is not correct, then you should change your ad to
> reflect a more accurate image. This is what I saw in your initial email:
>
> > The Goal: build a server that will effectively filter spam, deliver
> > email, and provide convenient remote access to corporate data. The
> > server may or may not be behind a firewall, so security is of primary
> > importance.
> >
> > Of course, to avoid vendor lock-in and restrictive licensing contracts
> > while at the same time increase security and reliability, the server
> > should run Open Source software.
>
> > The Solution: Postfix + Spamassassin + UW IMAP + Samba + Apache Web
> > Server + SquirrelMail
>
> You mention "the server" and "a server" and "Samba" which is the server
> component of the cifs/smb protocol on unix systems.
>
> > > You had said the system may be one system and it may not have
> > > a firewall. Logic leads us to believe that samba would be on a
> > > machine plugged directly in to the internet.
> >
> > No, it's a smbmount pointing to an NT server on the Linux box. The files
> > themselves are on another machine on the internal subnet. See to my
> > comment about adding a second NIC with routing to be doubly secure.
>
> Adding another nic and routing doesn't do anything to give one added
> security, it merely adds in another hop. Correct logic rules in
> packet filtering does.
>
>
> > > Without a firewall, this is not
> > > secure. Without a firewall, how can you require all communications to
> > > occur through port 143?
> >
> > Reject the traffic with IP tables. Better to have a firewall.
>
> Netfilter+iptables _is_ a firewall and a very good one, _if_ configured
> properly.
>
> Cory
--
--------------------------------------------------------------
| Cooper Stevenson | Em: cooper at cooper.stevenson.name |
| Open Source Consultant | Ph: 541.924.9434 |
--------------------------------------------------------------