Re: [FW1] sendmail on DMZ
Rajesh wrote:

> I have checkpoint firewall ver 4.1 running on a solaris 2.6
> box (E220R). At the moment I have a mail server too on the firewall
> (sendmail).

Remove sendmail from the firewall ASAP. With sendmail running, it simply is no firewall.

> I want to move the mail server to DMZ. Are there any
> disadvantages/impacts if I move the sendmail (mail server) to DMZ.

There are only advantages, the biggest advantage being that no sendmail bug will cause your firewall to be vulnerable:

To repeat it again: A firewall should simply offer no services at all, no telnet, no ftp, no sendmail, just nothing except the firewall, otherwise it is no firewall.

- deny remote logins on a firewall
- disable all other daemons except the fw
- lock the bootable drives (floppy, CD)
- lock the machine in a 19 inch rack
- lock the room
- lock the keys

> I want to know whether it will improve the performance or not.

It will improve security, that is the important point. You might as well think about using another MTA e.g. Postfix or qmail, they are less complex and are considered more secure than sendmail.

Wolfgang

--
Wolfgang Kueter
Network Administration & Security
SHLINK Internet Service
http://www.shlink.de
[email protected]
Postfach 1044, 25310 Elmshorn, Fed. Rep. Germany
Phone: +49 4121 269 006
Fax: +49 4121 269 007
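An added example, not part of the original message: a small shell audit for the "no services at all" rule above, listing every entry that inetd would still start (telnet, ftp and the like) from a file in inetd.conf format. The function names, the sample file contents and the `/etc/inetd.conf` path in the comment are assumptions for illustration; a standalone daemon such as sendmail is not started from inetd and has to be checked separately.

```shell
#!/bin/sh
# Constructed sample in inetd.conf format (not taken from any real host):
# service  socket-type  protocol  wait-status  user  server-program  args
sample_inetd_conf() {
cat <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
  #login stream tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind

time    dgram   udp  wait    root  internal
EOF
}

# Read inetd.conf-format text on stdin and print "service/protocol"
# for every entry inetd would start (not blank, not commented out).
enabled_services() {
    awk '
        /^[ \t]*#/ { next }      # commented out: disabled
        NF < 6     { next }      # blank or malformed line
        { print $1 "/" $3 }
    '
}

# Return 0 only if no service is enabled; otherwise list the
# offending entries and return 1.
audit_firewall_inetd() {
    found=$(enabled_services)
    if [ -n "$found" ]; then
        echo "services still enabled on firewall host:"
        echo "$found" | sed 's/^/  /'
        return 1
    fi
    echo "no inetd services enabled"
    return 0
}

# Demo on the constructed sample. On a real host (path is an assumption):
#   audit_firewall_inetd < /etc/inetd.conf
sample_inetd_conf | audit_firewall_inetd || true
```
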