Firewalls and mail servers
From: -={Giorgio}=- (leva.md3496_at_mclink.it)
Date: 08/23/03
Date: Sat, 23 Aug 2003 20:06:30 +0200
Hello there,
I was just discussing with a couple of fellows what might be
the most secure/efficient solution for the mail server in a
corporate LAN protected with 2 FW.
               +-----+    +-----+
( Internet ) --+ FW  +----+ FW  +----( Corporate LAN - NATted )
               +--+--+    +-----+
                  |
                  |
               ( DMZ )
Considerations...
- Mail server: my colleague says that Cisco recommends to
put the server in the corporate LAN and the relay in the DMZ.
I am just a little bit skeptical about this, the main reason
is that the mail server should be accessed by people from
remote stations using a web mail service (HTTP not HTTPS!)
in this case we have a mail server NATted in the corporate
LAN with port 80 open and willing to accept connections
from the chaos... whoever is able to compromise the web
server (with a buffer overflow sploit) can reasonably have
access to the corporate LAN.
I think it's better to have the mail server in the DMZ and
open only the usual ports from the inside (SMTP/POP3) and the
HTTP port to the chaos (unfortunately you can't have the web
mail service running on a different host than the mail
server)
Regardless of the Cisco recommendations... what are the solutions
you have seen so far...?
/G
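
Added example, not part of the original post: a small reachability model of the two placements described above, computing how many hosts must be compromised before an Internet source can open a connection to each machine. Host names, the extra LAN hosts, the inbound SMTP rules and stateful filtering are assumptions made for the illustration.

```python
from collections import deque

# Constructed policies for the two placements in the post. Host names, the extra
# LAN hosts and the SMTP rules for Internet mail delivery are assumptions.
# Rule = (source zone, destination host, TCP port). Filtering is assumed
# stateful: replies pass, new connections in the reverse direction do not.
DESIGNS = {
    "server_in_lan": {  # relay in DMZ, mail server + webmail in the LAN
        "hosts": {"relay": "dmz", "mailsrv": "lan",
                  "workstation": "lan", "fileserver": "lan"},
        "allow": [("internet", "relay", 25), ("dmz", "mailsrv", 25),
                  ("internet", "mailsrv", 80)],
    },
    "server_in_dmz": {  # mail server + webmail in the DMZ
        "hosts": {"mailsrv": "dmz", "workstation": "lan", "fileserver": "lan"},
        "allow": [("internet", "mailsrv", 25), ("internet", "mailsrv", 80),
                  ("lan", "mailsrv", 25), ("lan", "mailsrv", 110)],
    },
}


def can_connect(design, src_zone, dst_host):
    """True if a host in src_zone may open a new connection to dst_host."""
    if design["hosts"][dst_host] == src_zone:
        return True  # same segment: the traffic never crosses a firewall
    return any(z == src_zone and h == dst_host for z, h, _ in design["allow"])


def compromise_depth(design):
    """Map every host an Internet source can eventually connect to onto the
    number of hosts that must fall first (worst case: any reachable service
    is treated as exploitable). Hosts missing from the result stay isolated."""
    depth, seen, queue = {}, {"internet"}, deque([("internet", 0)])
    while queue:
        zone, d = queue.popleft()
        for host, host_zone in design["hosts"].items():
            if host not in depth and can_connect(design, zone, host):
                depth[host] = d
                if host_zone not in seen:
                    seen.add(host_zone)
                    queue.append((host_zone, d + 1))
    return depth


if __name__ == "__main__":
    for name, design in DESIGNS.items():
        print(name, compromise_depth(design))
```

A depth of 0 means the host is directly exposed to the Internet; a depth of 1 means one exposed host has to be lost first. LAN hosts that do not appear in the result cannot be reached under that policy.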