On 05/11/05, Sanjay Arora <[EMAIL PROTECTED]> wrote:
> You mean that the server on the other end will know my mail-server IP
> (192.168.y.x) is natted by my real IP 202.x.x.x ? And if the Real IP

Nope, NAT is excluded.

> As far as I am concerned, the DMZ server will be vulnerable to Apache
> exploits, SMTP & DNS Server exploits only as everything else will be

Not to mention exploits in any PHP-based or other web applications you
deploy. To have some protection from these, you will need an
application firewall - a squid/apache reverse proxy will do nicely.

> firewalled...no pin-holes nothing. Regular updates, coupled with choice
> of Qmail & DJ Bernstein's TinyDNS (which I believe are more secure),

While TinyDNS is an excellent choice, I'd recommend Courier for the
mailing part. You get SMTP, POP3, IMAP and even webmail, a variety of
virtual hosting options (PG or MySQL DB, flat files, LDAP etc.) and
rock-solid stability, ease of integration and management and an
excellent security track record. Also, it is actively developed. Check
out http://www.courier-mta.org.

The point about active development cannot be stressed enough. To take
an example, I recently noticed that /etc/dnsroots.global shipped with
TinyDNS hasn't been updated since sometime between 1997-2002. The last
two root-server IP address changes (J in 2002, B in 2004) aren't
reflected with a default install of TinyDNS (the M change in 1997 is
present, though).

> Please do critique the design and my logic.

Sounds perfect. Go ahead and all the best.

Binand


_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help