Carl Lindgren wrote: > > I have several SNF firewalls that I maintain at different locations and > would like to process log alerts and have them mailed to me or to my pager. > What would be the ramifications if I would install postfix on the firewall > as far as weakening the security on the firewalls? > > Carl Lindgren > C. R. Lindgren Consulting > Minneapolis, MN >
Well, Carl, this question, like so many about security, depends upon your experience and ability to conduct system administration. If you need to have a MTA running on a machine, you should not be intimidated by the "bad guys". Of course, you would need to open up port 25 but do it smartly. Make damn sure you install the newest source of postfix, and then make sure it is patched for all current exploits. And that is not enough. You must then "lock it down" against unauthorized use, such as relays and spam. And that is not enough. You should, as many do, such as myself, run some kind of sensor on your firewall. I use snort because there are a plethora of smtp rules already written, such as attempted buffer overruns, etc. You just plug em in, and go but you may choose some other kind of NIDS. The answer to your question about weakened security with the running of a mail server depends on you. There are literally *millions* running mail servers. Of this number, only of few of these servers are safe to run. My motto: if you got it, go for it. If not, stay at home. -- J. Craig Woods UNIX/NT Network/System Administration http://www.trismegistus.net/resume.html Character is built upon the debris of despair --Emerson
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
