From owner-freebsd-questions  Thu Mar 12 17:51:24 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA23878
          for freebsd-questions-outgoing; Thu, 12 Mar 1998 15:13:59 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from otess.com (root@cartero.otess.com [207.12.248.66])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA23644
          for <questions@FreeBSD.ORG>; Thu, 12 Mar 1998 15:12:24 -0800 (PST)
          (envelope-from mluser01@otess.com)
Received: from cafe (cafe.otess.com [207.12.248.75])
	by otess.com (8.8.5/8.8.5) with SMTP id PAA20938
	for <questions@FreeBSD.ORG>; Thu, 12 Mar 1998 15:14:43 -0800
Message-Id: <199803122314.PAA20938@otess.com>
X-Sender: mluser01@postoffice.otess.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3-J (32)
Date: Thu, 12 Mar 1998 15:10:07 -0800
To: questions@FreeBSD.ORG
From: "Shin'ichiro Seto/OTESS, Inc." <mluser01@otess.com>
Subject: Mail Server should be inside of ipfw ?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi folks,

This is a kind of generic issue but I hope someone will give me an idea.

I'm going to have two FreeBSD boxes at our customer site as Internet servers.
One will be ipfw + proxy + dns, and the other one will be mail + web + dns.

I wonder if mail server exists inside of the firewall is better or outside.

If it were inside, crackers would attack the intranet through sendmail.
I don't know how but I'm saying a possibility. Also, the mail server will
be http server. This means that they could get into the intranet using 
cgi program if the program were so stupid.  

If it were outside, it'd be easier to crack down the mail server itself and
get the passwd file.


If anyone has same situation, please let me know which one is better and why.
Or, If I have to have a firewall program instead of ipfw to say "This site
has a firewall", please give me any idea on firewall.

I feel like "to be or not to be". :-)


Thanks in advance,



   



+--------------------------------+-------------------------------+
| Shin'ichiro Seto               | E-Mail:  sseto@OTESS.COM      |
| Open TEchnology SolutionS, Inc.| URL:     http://www.otess.com |
| 23272 Mill Creek Dr. Suite 220 | Tel:     714-951-6600 ext105  |
| Laguna Hills, CA 92653         | Fax:     714-951-6700         |
+--------------------------------+-------------------------------+
|   ***** Your Door to the Solutions *****       OTESS, Inc.     |
+----------------------------------------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message