Linux Today: Linux News On Internet Time.

LinuxWorld: Installing a firewall, Part 2 - Tips for configuring secure, lean mail and network services

Oct 17, 2000, 20:01
(Other stories by Danielle Michaels, Sam Mikes)

"One of the major services formerly provided by plains was mail service. In order to exchange mail with hosts outside the network, the mail server must be in contact with the external network. However, we didn't want to install a POP server on the new firewall machine, or have user accounts on it. So we decided to configure the mail server on wolf to relay mail to and from plains. User accounts and the POP server could then remain on plains, behind the firewall, resulting in minimal disruption to the client's email habits."

"The question was whether to use Sendmail on wolf to relay mail, or to use something else. Sendmail is the most common free mail transport agent. However, it has numerous security and usability problems. First of all, it has only one daemon, which runs as root. It does drop some privileges, but this has historically been a pathway for system compromise. Sendmail is also big, complicated, and difficult to configure, and it would detract from the lightweight beauty of the newly configured Trustix system. Finally, Sendmail is just more software than necessary to relay mail from one server to another."

"Postfix is a relatively new, security-conscious mail server. We use it internally, and it is small and easy to configure. Furthermore, it comes with Trustix, and thus was trivially easy to install. (Perhaps it would be better to say that one of the reasons we selected Trustix is that it came with Postfix)."
