From owner-freebsd-questions  Mon Aug 18 06:54:59 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id GAA22997
          for questions-outgoing; Mon, 18 Aug 1997 06:54:59 -0700 (PDT)
Received: from verdi.nethelp.no (verdi.nethelp.no [195.1.171.130])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id GAA22992
          for <freebsd-questions@FreeBSD.ORG>; Mon, 18 Aug 1997 06:54:54 -0700 (PDT)
From: sthaug@nethelp.no
Received: (qmail 2484 invoked by uid 1001); 18 Aug 1997 13:54:47 +0000 (GMT)
To: jerryk@iquest.net
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sendmail on a firewall box
In-Reply-To: Your message of "Mon, 18 Aug 1997 08:41:54 -0500"
References: <33F85122.41C67EA6@iquest.net>
X-Mailer: Mew version 1.05+ on Emacs 19.28.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Mon, 18 Aug 1997 15:54:47 +0200
Message-ID: <2482.871912487@verdi.nethelp.no>
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > > I just want one box that provides the services to my small LAN. I want
> > > that box to be the mail host for my company and also provide a
> > > firewall/proxy service.
> > 
> > Sounds like you should buy a Whistle Interjet :-) (www.whistle.com)
> 
> Yeah, well, the ISP's around here haven't even heard of the Interjet.
> Besides, it's not that economical. I can build a FreeBSD box and
> configure
> it for much less money!

Well, the Whistle Interjet *is* a FreeBSD box :-). But it's hidden.
Yes, you can get much of the same functionality with ipfw or ipfilter.
It all depends on how much your own time is worth.

> > Anyway, given sendmail past history I'd feel very uncomfortable with
> > sendmail in any sort of security-related function. Why don't you look
> > at qmail (www.qmail.org) instead? This was written with security in
> > mind.
> 
> Thanks for the tip. I'll look into it. It's interesting how some will
> say that it's OK to run sendmail on the firewall box and others will
> cringe at it!

A fairly common way to do this is SMAP (from the TIS toolkit) plus
sendmail. I doubt you'll find many people serious about security who
will want to go for sendmail alone.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no