Re: CAll for standard bastion smtp: ssmtp
Hello,
<talking about getting mails of the firewall with smtp>
> Yep. IMO, it's much more important to forbid SMTP connections to the
> mail server,
Accepting Mail via SMTP is totally unconnected to sending Mail via SMTP. You
dont need to run an SMTPd to send SMTP Mails.
> for example by using UUCP to an outside relay host. That
> way you can safely use sendmail.
(Sending mails via UUCP to sendmail is NOT more secure than sending via
SMTP. In both cases the Headers are read by sendmail and can cause Buffer
overruns.)
I dont see any win by using uucp to your Mail Relay instead of SMTP (in
terms of security). I dont see any additional Protection from running
"rmail" from UUCP vs. "in.smtpd" from SMTP. Which Point do u think makes
UUCP more secure? UUCP is a big old monster with horrible SUID/word
writeable Directories and a lot of configs you can do wrong. For a simple
firewall we should avoid it. Of course it can be helpfuff for batched
transfers to a mail relay, but nowadays very little ISPs actively support
UUCP.
And to the trusted Inside, accepting SMTP is the best Solution, since this
will support all internal Mail Systems like MS, Netscape, Notes, MHS,... and
all free Clients (Eudora, Netscape, IE, Mutt)
Accepting Mails via SMTP from the Internet is often Mandatory (if your ISP
can't do otherwise). (And if your ISP supports POP3 fetchmail will deliver
the Internet Mail via SMTP anyway). The need to filter the Headers is the
same, if you get the mail via SMTP or rmail.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) If privacy is outlawed only Outlaws have privacy
--
E-mail the word "unsubscribe" to debian-firewall-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to listmaster@debian.org .
Reply to: