From: Kevin Stevens
To: Michael Collette
cc: freebsd-security@freebsd.org
Date: Tue, 18 May 2004 17:07:23 -0700 (PDT)
Subject: Re: Mail Server in the DMZ question

> Nothing specifically. Just the notion of allowing any kind of request
> to come from the DMZ into the secure network didn't seem right. In an
> ideal setup nothing should be allowed to make a request to the internal
> network. At least that's been my thinking on the matter.
>
> > If you're protecting against mail being sent in, well clearly that
> > will happen either way. If you're protecting against an attacker that
> > would hijack the DMZ host and try to attack your internal machine via
> > port 25, well yes it will stop that, but if the attacker manages to
> > hijack the machine they're going to be able to do a lot worse things
> > (snoop on all your mail, possibly capture passwords, etc).
> >
> > Really, the possibility that an attack would be able to make a
> > successful attack using only port 25 of your internal host is very
> > remote, and the possibility that they couldn't do anything else
> > malicious even though they had hijacked a host is even more remote.
> > Make sure you're not over architecting your environment and introducing
> > unnecessary complications for very minimal potential benefit.
>
> I can fully appreciate your concern about over architecting this thing. As I
> began researching this and kept seeing UUCP getting mentioned my arms went up
> in the air. I hadn't imagined it was going to get this "clever" to spool up
> mail in the DMZ then request it down into the secure network. Yet another
> protocol was not the solution I was hoping for.

All UUCP offers is that it's a "pull" technology, so you don't have to
permit a session to be initiated from your DMZ to get the mail in. SMTP
is "push", so you have to open the firewall enough to allow the bastion
mailhost in to deliver.

The downside is that it's a pull technology - anyone who can hack your
uucp account on the bastion can get all your mail. Plus I'm not sure how
thoroughly inspected the UUCP code is; all my experience is with using it
over dialup or frame serial circuits, not over IP.

KeS
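
The firewall difference between the push and pull designs discussed in this message, as an added example that is not part of the original post or the posters' own configuration. It assumes a pf firewall with three interfaces; the interface names, addresses and the use of TCP port 540 for UUCP are constructed assumptions.

```conf
# pf.conf fragment (added example; all names and addresses are constructed)
ext_if    = "em0"          # Internet-facing interface (assumed name)
dmz_if    = "em1"          # DMZ interface (assumed name)
int_if    = "em2"          # internal network interface (assumed name)
bastion   = "192.0.2.25"   # bastion mail host in the DMZ (documentation address)
inside_mx = "10.0.0.25"    # internal mail server (constructed address)

# Default deny on every inbound interface; forwarded traffic is filtered
# where it enters the firewall and tracked statefully on the way out.
block in log all
pass out all keep state

# Both designs: the Internet may deliver mail to the bastion only.
pass in on $ext_if proto tcp from any to $bastion port 25 \
    flags S/SA keep state

# Design A, SMTP "push": the bastion initiates delivery to the inside.
# This is the one rule that lets a DMZ host open a session into the
# internal network, limited to a single source, destination and port.
pass in on $dmz_if proto tcp from $bastion to $inside_mx port 25 \
    flags S/SA keep state

# Design B, UUCP "pull" (use instead of the Design A rule): the internal
# server initiates the session and fetches spooled mail, so no rule
# permits a connection from $dmz_if toward the internal network.
# The trade-off named in the message applies: whoever controls the uucp
# account on the bastion can read everything spooled there.
# pass in on $int_if proto tcp from $inside_mx to $bastion port 540 \
#     flags S/SA keep state
```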