Re: Question of Firewall & Mail Servers
On Sat, Sep 18, 1999 at 09:15:46AM -0700, Pann McCuaig wrote:
> On Fri, Sep 17, 1999 at 14:11, Doug Thistlethwaite wrote:
> > I am working on adding a debian slink linux system as a fire wall to my
> > existing company network. When finished, we will have an ISDN router
> > connected to the linux firewall machine and a separate network card
> > connecting the internal network to the linux system.
> > The mail server will be inside of the firewall and needs to receive SMTP
> > connections through the firewall.
> > My question is how is this done?
> There are (at least) two ways to do this. Another user has responded to
> tell you how to punch a hole in your firewall for port 25. You can also
> use a "store and forward" system to prevent anyone from outside your
> network from talking directly to port 25 on your mail server.
I would like to point out that using a store-and-forward method can get into
infinite email loops, of bounce messages and the sort, if the software
wasn't designed perfectly. Perhaps both smap and smtpd are smart enough to
handle the situations.
Check out the bugtraq archives (http://www.securityfocus.com/) in the last
three weeks for the conversation there about the problem.
> One such system is smap, and another is smtpd. I've had good experience
> with the latter, no experience with the former. If memory serves, I
> selected smtpd because it was pretty much a drop-in on a debian slink
> system that was the firewall.
> I used rinetd on that system for punching holes in the firewall (port
> 22, ssh, for example).
ooooh! *This* sounds nice too. This might work in my situation. Thanks for
(The main advantage of IPPORTFW is it uses the IPMASQ code in both
directions; log files represent the correct IP address, and other niceties
that rinetd can't provide, if it is implemented how I think it is
implemented (eg, not in the kernel. :) )
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!