Date: Fri, 5 Dec 1997 08:44:51 -0700 From: Nate Williams <nate@mt.sri.com> To: Bradley Dunn <bradley@dunn.org> Cc: Gaetan Feige <Gaetan@vsg.mobistar.be>, freebsd-isp@FreeBSD.ORG Subject: Re: User security Message-ID: <199712051544.IAA01108@mt.sri.com> In-Reply-To: <Pine.BSF.3.96.971205091912.10211A-100000@ns3.harborcom.net> References: <3.0.32.19971205083748.00ae0640@vsg.mobistar.be> <Pine.BSF.3.96.971205091912.10211A-100000@ns3.harborcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> Seriously, black box mail servers that only allow access via IMAP or POP > are the way to go if you can. You can use SSH for remote administration, > and with SSH's "AllowUsers" configuration option you can specify exactly > who can connect via SSH. There's one possible problem with SSH in that it allows remote users to 'forward' ports from the black-box machine to other machines unless you explicitly compile out the code. This is rather nasty if you allow people inside your firewall to the black-box machine, since they can forward out to other internal (unprotected) machines in your domain and wreak havoc. (No, this didn't happen, but it could have. :) Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712051544.IAA01108>