From: Adrian Bolzan (Adrian.Bolzanaot.com.au)
Date: Wed Jan 02 2002 - 21:15:44 CST

    On 2 Jan 2002 at 8:42, Ralf Hildebrandt wrote:

    > On Wed, Jan 02, 2002 at 06:00:46PM +1000, Adrian Bolzan wrote:
    >
    > > My boss has asked me to minimise contact between the internet and the
    > > internal network (understandable).
    >
    > For that, you can use Postfix as "quasi"-SMTP proxy.
    >

    yes, I suppose so, although I thought to install something lighter, such as
    "smtp-proxy", but I have given (below) a network design that uses
    postfix as the quasi-proxy.

    > > Regarding e-mail, he thought that a smtp proxy would assist in this,
    > > although I realised that (a) it would be another server that could fail,
    > > need maintenance, etc.; and (b) postfix is very secure, as is linux (or
    > > can be).
    >
    > Well, you COULD use OpenBSD instead :)
    >
    > > sounds good, and this will fit in well with our new anti-virus set up.
    >
    > Be sure not to expose the SMTP listener of the Antivirus gateway
    > directly to the internet.
    >

    thanks for that tip. There has been some comment on the fact that anti-
    virus software does not run in a chrooted jail, and runs as root.

    I think a setup such as:

    For in:
    Internet --> Postfix (Header/body matching, on DMZ)
      --> Postfix + Antivirus (on DMZ)
        --> Groupware server (Internal)

    and then out:

    Groupware server (internal) --> Postfix + Antivirus (on DMZ)
      --> Postfix (Header/body matching, on DMZ)
       --> Internet

    should be a good solution.

    thanks for the advice,

    adrian

    > Ralf Hildebrandt (Im Auftrag des Referat V A) Ralf.Hildebrandtcharite.de
    > Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155
    > Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916
    > All data leaves a trail. The search for data leaves a trail. The erasure of
    > data leaves a trail. The absence of data, under the right circumstances, can
    > leave the clearest trail of all. -- Dr. Kio Masada
    >
    > -
    > To unsubscribe, send mail to majordomopostfix.org with content
    > (not subject): unsubscribe postfix-users
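
Added example, not part of the original thread: a small audit of the "Postfix + Antivirus" hop's `main.cf`, checking the tip above that its SMTP listener is not open to everyone and, going one step further, that it only trusts the two neighbouring hops to relay. The addresses, the sample configurations and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed main.cf fragments for the "Postfix + Antivirus" hop.
# Assumed addresses: 192.0.2.10 = outer Postfix, 192.0.2.20 = this hop,
# 10.0.0.5 = groupware server.
AV_HOP_EXPOSED = "inet_interfaces = all\nmynetworks = 0.0.0.0/0\n"
AV_HOP_RESTRICTED = (
    "# listen on the DMZ address only\n"
    "inet_interfaces = 192.0.2.20\n"
    "mynetworks = 192.0.2.10/32,\n"
    "    10.0.0.5/32\n"
)
LISTEN_OK = {"192.0.2.20"}
PEERS_OK = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "10.0.0.5/32")]

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def audit_inner_hop(text, listen_ok=LISTEN_OK, peers_ok=PEERS_OK):
    """Return findings for a hop that only the named peers should reach."""
    p = parse_main_cf(text)
    findings = []
    # Postfix listens on all interfaces when inet_interfaces is unset.
    for addr in re.split(r"[,\s]+", p.get("inet_interfaces", "all")):
        if addr not in listen_ok:
            findings.append(f"inet_interfaces: listens on {addr!r}")
    if "mynetworks" not in p:
        findings.append("mynetworks: not set explicitly")
    for net in filter(None, re.split(r"[,\s]+", p.get("mynetworks", ""))):
        try:
            n = ipaddress.ip_network(net, strict=False)
        except ValueError:  # table lookups, file paths, hostnames
            findings.append(f"mynetworks: cannot verify {net!r}")
            continue
        if not any(n.version == ok.version and n.subnet_of(ok) for ok in peers_ok):
            findings.append(f"mynetworks: {net!r} is wider than the allowed peers")
    return findings

if __name__ == "__main__":
    for name, cfg in (("exposed", AV_HOP_EXPOSED), ("restricted", AV_HOP_RESTRICTED)):
        print(name, audit_inner_hop(cfg))
```

Binding the listener to a DMZ address only keeps it off the internet if the firewall does not forward port 25 to that address, so the check complements the packet filter rather than replacing it.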