Re: Question of Firewall & Mail Servers



On Sat, Sep 18, 1999 at 09:15:46AM -0700, Pann McCuaig wrote:
> On Fri, Sep 17, 1999 at 14:11, Doug Thistlethwaite wrote:
> 
> > I am working on adding a debian slink linux system as a firewall to my
> > existing company network.  When finished, we will have an ISDN router
> > connected to the linux firewall machine and a separate network card
> > connecting the internal network to the linux system.
> > 
> > The mail server will be inside of the firewall and needs to receive SMTP
> > connections through the firewall.
> 
> > My question is how is this done?
> 
> There are (at least) two ways to do this. Another user has responded to
> tell you how to punch a hole in your firewall for port 25. You can also
> use a "store and forward" system to prevent anyone from outside your
> network from talking directly to port 25 on your mail server.

I would like to point out that using a store-and-forward method can get into
infinite email loops, of bounce messages and the sort, if the software
wasn't designed perfectly. Perhaps both smap and smtpd are smart enough to
handle the situations.

Check out the bugtraq archives (http://www.securityfocus.com/) in the last
three weeks for the conversation there about the problem.

> One such system is smap, and another is smtpd. I've had good experience
> with the latter, no experience with the former. If memory serves, I
> selected smtpd because it was pretty much a drop-in on a debian slink
> system that was the firewall.
> 
> I used rinetd on that system for punching holes in the firewall (port
> 22, ssh, for example).

ooooh! *This* sounds nice too. This might work in my situation. Thanks for
the tip.

(The main advantage of IPPORTFW is it uses the IPMASQ code in both
directions; log files represent the correct IP address, and other niceties
that rinetd can't provide, if it is implemented how I think it is
implemented (eg, not in the kernel. :) )

-- 
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!