[PLUG] Re: [eug-lug]Spam Filtering With Remote Access

Cooper Stevenson cooper at cooper.stevenson.name
Fri Jul 18 11:45:02 UTC 2003


Cory,

Please take this conversation off-list.


Sincerely,


Cooper Stevenson

On Fri, 2003-07-18 at 11:42, Cory Petkovsek wrote:
> On Fri, Jul 18, 2003 at 11:52:36AM -0700, Cooper Stevenson wrote:
> > On Fri, 2003-07-18 at 11:22, Cory Petkovsek wrote:
> > 
> > > What is not correct?
> > > Are you refuting that accessing a samba share across the internet is
> > > insecure?  Or are you saying my interpretation of your setup is not
> > > correct. 
> > 
> > Your interpretation of my setup is not correct. I mean, how does one do
> > SMB communications through the mail client? That's a dialog box I
> > haven't seen yet :-). It's through IMAP. Trust me.
> If my interpretation is not correct, then you should change your ad to
> reflect a more accurate image.  This is what I saw in your initial email:
> 
> > The Goal: build a server that will effectively filter spam, deliver
> > email, and provide convenient remote access to corporate data. The
> > server may or may not be behind a firewall, so security is of primary
> > importance.
> > 
> > Of course, to avoid vendor lock-in and restrictive licensing contracts
> > while at the same time increase security and reliability, the server
> > should run Open Source software.
> 
> > The Solution: Postfix + Spamassassin + UW IMAP + Samba + Apache Web
> > Server + SquirrelMail
> 
> You mention "the server" and "a server" and "Samba" which is the server
> component of the cifs/smb protocol on unix systems.
> 
> > > You had said the system may be one system and it may not have
> > > a firewall.  Logic leads us to believe that samba would be on a
> > > machine plugged directly in to the internet.
> > 
> > No, it's a smbmount pointing to an NT server on the Linux box. The files
> > themselves are on another machine on the internal subnet. See my
> > comment about adding a second NIC with routing to be doubly secure.
> 
> Adding another nic and routing doesn't do anything to give one added
> security, it merely adds in another hop.  Correct logic rules in
> packet filtering do.
> 
> 
> > > Without a firewall, this is not
> > > secure.  Without a firewall, how can you require all communications to
> > > occur through port 143?
> > 
> > Reject the traffic with IP tables. Better to have a firewall.
> 
> Netfilter+iptables _is_ a firewall and a very good one, _if_ configured
> properly. 
> 
> Cory
-- 
--------------------------------------------------------------
| Cooper Stevenson        | Em: cooper at cooper.stevenson.name |
| Open Source Consultant  | Ph: 541.924.9434                 |
--------------------------------------------------------------





