From owner-freebsd-questions@FreeBSD.ORG Sat Aug 16 11:01:49 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B590F37B401 for ; Sat, 16 Aug 2003 11:01:49 -0700 (PDT) Received: from remt20.cluster1.charter.net (remt20.cluster1.charter.net [209.225.8.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id E460543F3F for ; Sat, 16 Aug 2003 11:01:48 -0700 (PDT) (envelope-from chowse@charter.net) Received: from [66.168.145.25] (HELO moe) by remt20.cluster1.charter.net (CommuniGate Pro SMTP 4.0.6) with ESMTP id 124753323 for freebsd-questions@freebsd.org; Sat, 16 Aug 2003 14:01:44 -0400 From: "Charles Howse" To: Date: Sat, 16 Aug 2003 13:01:36 -0500 Message-ID: <002e01c36420$6f9e9220$04fea8c0@moe> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <44ada9oazl.fsf@be-well.ilk.org> Importance: Normal Subject: RE: Make popa3d listen on specific interface X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Aug 2003 18:01:50 -0000 > > I could be way off on my logic, and my understanding of tcp/ip, so > > correct me if I'm wrong. > > Not at all; you're dead on. > The only thing I'm trying to warn you about is that binding to a > specific address is having a fairly small effect on your security in > this case. For belt-and-suspenders protection, you'd be somewhat > better off with a more sophisticated POP server which can bind to > the inside interface directly instead of just the address. Well, I'm big on security, but not an expert. On my XP Pro box, I run Zone Alarm Pro for *outgoing* security, as well as being behind the firewall. On my Redhat 9 box, I have it configured for the security suggestions in the "Linux Benchmark v1.0.0" on the Center for Internet Security. http://www.cisecurity.org/. I also run Tripwire, and a custom security report. I'm not at all opposed to changing pop servers, I selected popa3d based *only* on the 1-line description in the packages section of sysinstall. Which one would you recommend? Which is the *be-all, do-all, big-daddy* pop server in Packages?