From: Michael Collette
To: freebsd-security@freebsd.org
Date: Tue, 18 May 2004 11:21:57 -0700
Subject: Re: Mail Server in the DMZ question

Many thanks to everyone who replied to my query. Lot of great ideas I've got to mull through here.

On Monday 17 May 2004 10:57 pm, Brian Keefer wrote:
> I've seen one site implement UUCP for exactly this reason, but I think
> the potential problems with a flaw in UUCP outweigh just using an SMTP
> push.

Seeing as how I've seen a number of folks suggest UUCP, and I'm dirt ignorant on the subject, could you explain what the pitfalls are of using it?

> As long as you've locked down your firewall to only allow the mail
> gateway to open a connection through to your trusted net on port 25
> (i.e. no other DMZ hosts are allowed through in this manner) that's about
> as good as you can do.
>
> Look at it this way, what are you protecting against?

Nothing specifically. Just the notion of allowing any kind of request to come from the DMZ into the secure network didn't seem right. In an ideal setup nothing should be allowed to make a request to the internal network. At least that's been my thinking on the matter.

> If you're
> protecting against mail being sent in, well clearly that will happen
> either way. If you're protecting against an attacker that would hijack
> the DMZ host and try to attack your internal machine via port 25, well
> yes it will stop that, but if the attacker manages to hijack the machine
> they're going to be able to do a lot worse things (snoop on all your
> mail, possibly capture passwords, etc).
>
> Really, the possibility that an attack would be able to make a
> successful attack using only port 25 of your internal host is very
> remote, and the possibility that they couldn't do anything else
> malicious even though they had hijacked a host is even more remote.
> Make sure you're not over architecting your environment and introducing
> unnecessary complications for very minimal potential benefit.

I can fully appreciate your concern about over architecting this thing. As I began researching this and kept seeing UUCP getting mentioned my arms went up in the air. I hadn't imagined it was going to get this "clever" to spool up mail in the DMZ then request it down into the secure network. Yet another protocol was not the solution I was hoping for.

Right at the moment I'm pretty much set up as you suggest. The purpose of my question was to see if I could lock things down a bit tighter.

Thanks,
--
"In theory, there is no difference between theory and practice.
In practice, there is."
- Yogi Berra
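
Added example (not part of the original message or thread): the firewall policy described in the quoted reply, written as a pf.conf fragment with the loose rule shown beside the tight one. The choice of pf, the interface names and every address are assumptions; the thread names no firewall product or addressing.

```pf
# Constructed example: interface names and addresses are assumptions.
dmz_if   = "em1"               # interface facing the DMZ
int_if   = "em2"               # interface facing the trusted net
dmz_net  = "192.0.2.0/24"      # DMZ (documentation range)
int_net  = "10.10.0.0/16"      # trusted net
mail_gw  = "192.0.2.25"        # DMZ mail gateway
int_mail = "10.10.0.25"        # internal mail server

set skip on lo0
block log all                  # default deny, logged

# Too loose: any DMZ host may reach any internal host on port 25.
# pass in on $dmz_if inet proto tcp from $dmz_net to $int_net port 25

# Tight: only the gateway may open SMTP, and only to the mail server.
pass in  quick on $dmz_if inet proto tcp from $mail_gw to $int_mail port 25 flags S/SA keep state
pass out quick on $int_if inet proto tcp from $mail_gw to $int_mail port 25 flags S/SA keep state

# Any other DMZ-initiated connection toward the trusted net is dropped
# and logged, which makes probing from a compromised DMZ host visible.
block in log quick on $dmz_if inet from $dmz_net to $int_net

# Trusted hosts may still open connections out to the DMZ; replies come
# back through state, never as new DMZ-initiated connections.
pass in  quick on $int_if inet from $int_net to $dmz_net keep state
pass out quick on $dmz_if inet from $int_net to $dmz_net keep state
```

Running pfctl -nf against the file parses the ruleset without loading it.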