Re: Attracting newbies (Was Booting Debian/testing fails)
-----BEGIN PGP SIGNED MESSAGE-----
On 02/07/07 13:57, Andrew Sackville-West wrote:
> On Wed, Feb 07, 2007 at 12:20:47PM -0600, Ron Johnson wrote:
>> On 02/07/07 11:31, Andrei Popescu wrote:
>>> If I were to transform my firewall machine in a mailserver then IMAP
>>> would be the best choice to access it.
>> That's the *second worst* place to put it.
> please enlighten. I am in the process of re-examining my home lan. My
> new mobo on the server includes to nic's so I am thinking of using my
> server as the firewall as well... you seem, from the above, to think
> this is a bad idea. I don't doubt that it is...
Machines exposed to the Internet should have as few services on them
as possible. This reduces the threat "surface" (i.e., the number of
available possible exploits.
Thus, the device "you" should expose to Internet should only be a
router+firewall and web cache (if needed). ssh on that box should
only be visible to the LAN.
Have the firewall *redirect* incoming imaps requests to your server.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----