Good question. In my mind it is the best of two evils.
I'd put it on an interface off of the firewall and secure it
that way. A secured DMZ approach. Letting any protocol to
originate inbound from the DMZ has some risk, but is sometimes
unavoidable. Make sure you have a recent version of Sendmail,
and that the SMTP relay is hardened to the max. Harden
the internal server as well.
-Art
At 03:26 PM 9/15/99 -0400, Geoff Smith wrote:
>I'm new to all this Security stuff, so this is probably
>an old question, but here it is, anyway:
>
>Should a mail server be inside or outside a firewall?
>
>Here's why I ask.
>
>1) If it's outside, people could break in and get mail until
> that mail is removed from the server (either by automated
> automated process or the user).
>2) If it's inside, I'd forward port 25 to another machine
> inside where someone might be able to exploit the MTA to
> get access to stuff inside the Firewall.
>
>Do I misunderstand the problem?
>
>Thanks for any insight...
>Norm!
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
===========================================
Art Coble
International Network Services
Senior Network Consultant
Email: [EMAIL PROTECTED]
Page: 800 INS 1 INS or [EMAIL PROTECTED]
"Fix the problem, not the blame"
=============================================
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
