Date: Mon, 18 Aug 1997 08:12:38 +0200 From: sthaug@nethelp.no To: jerryk@iquest.net Cc: freebsd-questions@FreeBSD.ORG Subject: Re: sendmail on a firewall box Message-ID: <3599.871884758@verdi.nethelp.no> In-Reply-To: Your message of "Sun, 17 Aug 1997 23:04:57 -0500" References: <33F7C9E9.167EB0E7@iquest.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> This is probably a loaded question and I'd bet that I'll get responses > on both sides but I'm going to ask this question anyway: > > 1) is it a major security hole to run sendmail on a firewall box? > > Okay, there, I said it. In the economy of a small business, it is not > always practical to have several servers providing services such as > firewalling and mail hosting. So, for my business, I want to set up a > FreeBSD box to act as the Internet access point and provide things like > DNS, mail hosting, NTP, and firewalling. I really don't have the dollars > to build a separate box for the firewall although I know that security > purists will frown and make some comments that security isn't cheap > anyway. > > I just want one box that provides the services to my small LAN. I want > that box to be the mail host for my company and also provide a > firewall/proxy service. Sounds like you should buy a Whistle Interjet :-) (www.whistle.com) Anyway, given sendmail past history I'd feel very uncomfortable with sendmail in any sort of security-related function. Why don't you look at qmail (www.qmail.org) instead? This was written with security in mind. I hope by "Internet access point" you don't mean for users to actually login to the firewall box? This is generally considered a bad idea. Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3599.871884758>