Cory, Please take this conversation off-list.
Sincerly, Cooper Stevenson On Fri, 2003-07-18 at 11:42, Cory Petkovsek wrote: > On Fri, Jul 18, 2003 at 11:52:36AM -0700, Cooper Stevenson wrote: > > On Fri, 2003-07-18 at 11:22, Cory Petkovsek wrote: > > > > > What is not correct? > > > Are you refuting that accessing a samba share across the internet is > > > insecure? Or are you saying my interpretation of your setup is not > > > correct. > > > > Your interpretation of my setup is not correct. I mean, how does one do > > SMB communications through the mail client? That's a dialog box I > > haven't seen yet :-). It's through IMAP. Trust me. > If my interpretation is not correct, then you should change your ad to > reflect a more accurate image. This is what I saw in your initial email: > > > The Goal: build a server that will effectively filter spam, deliver > > email, and provide convenient remote access to corporate data. The > > server may or may not be behind a firewall, so security is of primary > > importance. > > > > Of course, to avoid vendor lock-in and restrictive licensing contracts > > while at the same time increase security and reliability, the server > > should run Open Source software. > > > The Solution: Postfix + Spamassassin + UW IMAP + Samba + Apache Web > > Server + SquirrelMail > > You mention "the server" and "a server" and "Samba" which is the server > component of the cifs/smb protocol on unix systems. > > > > You had said the system may be one system and it may not have > > > a firewall. Logic leads us to believe that samba would be on a > > machine > > > plugged directly in to the internet. > > > > No, it's a smbmount pointing to an NT server on the Linux box. The files > > themselves are on another machin on the internal subnet. See to my > > comment about adding a second NIC with routing to be doubly secure. > > Adding another nic and routing doesn't do anything to give one added > security, it merely adds in another hop. Correct logic rules in > packet filtering does. > > > > > Without a firewall, this is not > > > secure. Without a firewall, how can you require all communications to > > > occur through port 143? > > > > Reject the traffic with IP tables. Better to have a firewall. > > Netfilter+iptables _is_ a firewall and a very good one, _if_ configured > properly. > > Cory -- -------------------------------------------------------------- | Cooper Stevenson | Em: [EMAIL PROTECTED] | | Open Source Consultant | Ph: 541.924.9434 | -------------------------------------------------------------- _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
