Firewall and Mailserver questions - suggestions wanted.
I am in the process of designing/building up a new
firewall and mailserver for my family's use, and yes
I am a beginner on Debian and building my own network.
But really looking forward to it. Will be lots of fun.
I am thinking of getting two firewalls, and having a DMZ
(Internet -> Outerfirewall -> DMZ -> Innerfirewall -> local)
I also would like to run apt-proxy, squid, privoxy, but where?
I am planning to go down to Akihabara and find some second hand
old pentium mini desktops. Was planning on three old computers, but
would like to get the right setup from the beginning.
(Pentium 300 128MRam for firewalls, Pentium 900 256MRam for Webserver)
I am planning on having the following software. Please let me
know if I am missing something, or have the wrong combination...
MTA: postfix, postfix-tls, pop-before-smtp
Remove spams: spamassassin
Sort mails: procmail
fetch pop mails: fetchmail
Web mail interface: squirrelmail (with loads of plugins...)
Fetch hotmails: gotmail
web cache: squid
apt cache: apt-proxy
Ad removal: privoxy
Security: snort, acidlab, tripwire, logcheck, harden,
web server: apache
miscellaneous: dns, ntp, seti
security updates: cron-apt
I would very much like to know what your recommendations are.
1) Is this a good setup? Or overkill? total maybe 10 persons
to use mailserver in the beginning.
2) My thoughts are to have absolute minimum installed on the
firewalls, especially the inner firewall.
3) On which computer should the squid, privoxy, and apt-proxy be
running? On outerfirewall or on webserver? Or should I
have a dedicated computer for this?
4) Is there any idea of having a dedicated logserver?
5) Mail server and web server? Should this be in the same
computer, or separate? More secure if they are in separate?
6) Should I have the security stuff also on the dmz area?
7) Is it recommended to configure cron-apt to run once a day,
and only install the security updates?
Thanks in advance
Bengt (a rather beginner on Debian and network, but loving it)