LinuxWorld: Installing a firewall, Part 2 - Tips for configuring secure, lean mail and network services

"One of the major services formerly provided by plains was mail service. In order to exchange mail with hosts outside the network, the mail server must be in contact with the external network. However, we didn't want to install a POP server on the new firewall machine, or have user accounts on it. So we decided to configure the mail server on wolf to relay mail to and from plains. User accounts and the POP server could then remain on plains, behind the firewall, resulting in minimal disruption to the client's email habits."

"The question was whether to use Sendmail on wolf to relay mail, or to use something else. Sendmail is the most common free mail transport agent. However, it has numerous security and usability problems. First of all, it has only one daemon, which runs as root. It does drop some privileges, but this has historically been a pathway for system compromise. Sendmail is also big, complicated, and difficult to configure, and it would detract from the lightweight beauty of the newly configured Trustix system. Finally, Sendmail is just more software than necessary to relay mail from one server to another."

"Postfix is a relatively new, security-conscious mail server. We use it internally, and it is small and easy to configure. Furthermore, it comes with Trustix, and thus was trivially easy to install. (Perhaps it would be better to say that one of the reasons we selected Trustix is that it came with Postfix)."

Complete Story

Related Stories:

• LinuxWorld: Installing a firewall, Part 1(Oct 10, 2000)
• LinuxWorld: Linux firewall survey, Part 1: Open source product roundup(Oct 09, 2000)
• Linux Journal: A Few Recipes for Easier Firewalls(Sep 16, 2000)
• Security Portal: Firewalls: What To Block(Sep 12, 2000)
• Security Portal: Firewalls - Common Configuration Problems(Sep 05, 2000)
• Security Portal: Firewalls - Overview(Aug 23, 2000)
• O'Reilly Network: 12 Tips on Building Firewalls(Jul 29, 2000)
• O'Reilly Network: Securing Your Home Network With the Edge Firewall(Jun 10, 2000)
• BSD Today: Running a BSD-based Firewall(May 28, 2000)
• SecurityFocus: Building a Linux Bunker: Basic Firewalling(May 08, 2000)
• RootPrompt.org: Auditing Your Firewall Setup(Apr 10, 2000)
• GBdirect: Firewalling with Linux(Apr 09, 2000)
• Linux Firewall and Security Site: Configuring an Internet Firewall and Home LAN With Linux(Apr 08, 2000)
• ZDNet: Linux Firewall On A 486: A Guard-Penguin For Your DSL Or Cable Modem... [Linux Router Proj.](Apr 04, 2000)
• Linux Journal: Transparent Firewalling(Oct 23, 1999)
• Linux.com: Deploying a Linux Firewall(Oct 08, 1999)