Date: Mon, 18 Aug 1997 07:50:55 -0400 (EDT) From: Brian Clapper <bmc@WillsCreek.COM> To: questions@FreeBSD.ORG Subject: Re: sendmail on a firewall box Message-ID: <199708181150.HAA00360@current.willscreek.com> In-Reply-To: <62646535@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Jerry Kelley wrote: > This is probably a loaded question and I'd bet that I'll get responses > on both sides but I'm going to ask this question anyway: > > 1) is it a major security hole to run sendmail on a firewall box? > > Okay, there, I said it. In the economy of a small business, it is not > always practical to have several servers providing services such as > firewalling and mail hosting. So, for my business, I want to set up a > FreeBSD box to act as the Internet access point and provide things like > DNS, mail hosting, NTP, and firewalling. I really don't have the dollars > to build a separate box for the firewall although I know that security > purists will frown and make some comments that security isn't cheap > anyway. > > I just want one box that provides the services to my small LAN. I want > that box to be the mail host for my company and also provide a > firewall/proxy service. > > Am I asking for too much? No, you're not. Putting *something* in place is better than not having anything at all--provided you're aware of the limitations of your solution. If you're going to run sendmail on a firewall box, though, you might consider wrapping it in the `smap' wrapper that comes with the firewall toolkit. See http://www.tis.com/ for pointers to the firewall toolkit; it's free. Also, read through these two books for information on how to secure your firewall box more effectively: Building Internet Firewalls Brent Chapman and Elizabeth Zwicky O'Reilly & Associates, Inc ISBN 1-56592-124-0 http://www.ora.com/ Firewalls & Internet Security Repelling the wily hacker William R. Cheswick, Steven M. Bellowin Addison-Wesley ISBN 0-201-6337-4 http://www.awl.com/ ----- Brian Clapper, bmc@WillsCreek.COM, http://WWW.WillsCreek.COM/ Conceit causes more conversation than wit. -- LaRouchefoucauld
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708181150.HAA00360>