Cory Petkovsek ([EMAIL PROTECTED]) wrote: > >On Fri, Jul 18, 2003 at 09:45:37AM -0700, Cooper Stevenson wrote: >> The Goal: build a server that will effectively filter spam, deliver >> email, and provide convenient remote access to corporate data. The >> server may or may not be behind a firewall, so security is of primary >> importance. >> The Solution: >> >> Postfix + Spamassassin + UW IMAP + Samba + Apache Web Server + >> SquirrelMail >Without another firewall, the server itself should be the firewall by >compiling in netfilter. Netfilter should be here in order to block >ports that are not allowed open, even if the daemon needs to be running. > >> This configuration allows business travelers and office workers alike >> the ability to access their email and server file shares from anywhere >> on the Internet, including their homes. Please refer to the following >> links: >Accessing a samba share across the internet is not secure. Since you >mention it may not be behind a firewall, this means samba is available >to the internet. Bad idea. This is because LM and NTLM are not secure. >The former is easily crackable and both are replayable. I would not >implement this over the public internet if I were you. NTLMv2 which >uses 128bit encryption and negotiated keys should be required and all >lesser protocols refused. This means specially configuring each win9x >client to support ntlmv2 (installing new patches) and configuring nt/2k >clients to only send ntlmv2 and configuring samba to use only ntlmv2. >However Samba 2.2.8a does not support it yet! Therefore you cannot do >this securely. > With phpGroupWare you don't need to expose Samba to the internet Not only does it include SquirrelMail but you also have a filemanager, shared addressbook, shared calendar and a ton of other shareable modules that you may or may not be interested in.
>SNIP some really good stuff. -- Bob Crandell Assured Computing When you need to be sure. [EMAIL PROTECTED] www.assuredcomp.com Voice - 541-689-9159 FAX - 541-463-1627 Eugene, Oregon _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
