On Fri, Jul 18, 2003 at 11:52:36AM -0700, Cooper Stevenson wrote: > On Fri, 2003-07-18 at 11:22, Cory Petkovsek wrote: > > > What is not correct? > > Are you refuting that accessing a samba share across the internet is > > insecure? Or are you saying my interpretation of your setup is not > > correct. > > Your interpretation of my setup is not correct. I mean, how does one do > SMB communications through the mail client? That's a dialog box I > haven't seen yet :-). It's through IMAP. Trust me. If my interpretation is not correct, then you should change your ad to reflect a more accurate image. This is what I saw in your initial email:
> The Goal: build a server that will effectively filter spam, deliver > email, and provide convenient remote access to corporate data. The > server may or may not be behind a firewall, so security is of primary > importance. > > Of course, to avoid vendor lock-in and restrictive licensing contracts > while at the same time increase security and reliability, the server > should run Open Source software. > The Solution: Postfix + Spamassassin + UW IMAP + Samba + Apache Web > Server + SquirrelMail You mention "the server" and "a server" and "Samba" which is the server component of the cifs/smb protocol on unix systems. > > You had said the system may be one system and it may not have > > a firewall. Logic leads us to believe that samba would be on a > machine > > plugged directly in to the internet. > > No, it's a smbmount pointing to an NT server on the Linux box. The files > themselves are on another machin on the internal subnet. See to my > comment about adding a second NIC with routing to be doubly secure. Adding another nic and routing doesn't do anything to give one added security, it merely adds in another hop. Correct logic rules in packet filtering does. > > Without a firewall, this is not > > secure. Without a firewall, how can you require all communications to > > occur through port 143? > > Reject the traffic with IP tables. Better to have a firewall. Netfilter+iptables _is_ a firewall and a very good one, _if_ configured properly. Cory -- Cory Petkovsek Adapting Information Adaptable IT Consulting Technology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
