TekBudda wrote:
> Martin Glazer wrote:
>> I've put together a Devil-Linux firewall (running in a DMZ) to be a 
>> complete front end for our Exchange server - it does anti-virus, spam 
>> and phishing filtering before passing on to Exchange. It also acts as a 
>> transparent proxy for Outlook Web Access, so there is no direct access 
>> between the Exchange server and connections coming in from the internet.
>>
>> It uses spamassassin, postfix, clamav and sagator on the email side and 
>> pound proxy for the web stuff. The box is an old P3 and just using a CD 
>> and floppy drive, no hard drive needed. It could also run off a USB 
>> stick, but I haven't tried that route.
>>
>> On Exchange we also run Trend Micro av/v and spam filtering as a second 
>> level of defense.
>>
>> Another option is to use a spam filtering service where your email is 
>> first sent to the service for classification and filtering and then 
>> resent to you. Not sure of these details but recall a presentation by a 
>> company called Frontbridge (I think they were bought by MS).
>>
>> Personally, I always prefer a home grown Linux based solution.
>>
>> Martin
> 
> Hi Martin,
> 
> That sounds like a cool set-up...but I am wondering if IP-Cop does the 
> same?  I am only wondering because if I am looking at slapping an extra 
> box on the network I might as well make it do as much as possible and I 
> know that IP-Cop has a slew of modules that you can include...plus it 
> can run headless.  I would imagine Devil does something similar or may 
> be an even better choice.
> 


I haven't played around with IP-Cop for ages, so not sure exactly what 
they have in there at the moment.

Devil-Linux is a great distro as it doesn't need to be installed, just 
configured from a floppy. I picked up a $30 P3 box from Vfxweb a few 
weeks ago and it's now running happily as a firewall/VPN device with the 
addition of a n/w card.

The only downside is that there is no nice GUI interface to configure 
the box, it has a real basic curses interface, but most of the stuff you 
configure via config files.

> I want to stay away from a service as it takes some of the control out 
> of our hands and if I don't have to spend money I don't want to.  I have 
> a few extra boxes floating around so hardware isn't a major problem, 
> just getting management approval to do it and my tech manager is open to 
> just about anything as long as it doesn't cost and it does the job well 
> or better than well.
> 
> I would like to use my home environment as a lab to test first, but I 
> don't have Exchange running here so it may not be a full comparison.
> 

To me, one of the most important requirements was the support of WebDav 
by the reverse proxy - that's why I used Pound 
(http://www.apsis.ch/pound/). The users wanted the "full" remote 
Exchange experience.

> I would be interested in talking with you more about this.  Maybe over 
> coffee or IM or through e-mail.
> 

Sure - send me an email and we can set something up.

Martin
