 |
|
|
|
Next: php imap_rfc822_parse_adrlist problem
|
| Author |
Message |
External
Since: Dec 31, 2007
Posts: 5
|
(Msg. 1) Posted: Sat Dec 20, 2008 12:26 pm
Post subject: Jailed mailserver. Overkill?
Archived from groups: comp>unix>bsd>freebsd>misc (more info?)
|
|
|
Hi -
I'm currently in the process of installing a MTA (either exim or
postfix) on my new server. The MTA will handle my family's mail
and a handful mailing lists, thus no big deal.
During the last decade I received my mail via UUCP from my ISP and my
exim was configured to receive and send UUCP batches and to deal with
local mail, only[1]. Now, my mailserver will have access to the
Internet[2].
I'm concerned about security, and therefore I'm thinking about putting
my MTA and dovecot into a jail, but I'm also concerned about this
additional layer of complexity. And, I do not have experience with jails
sofar.
Thus my questions: What's your opinion? Is sandboxing dovecot and
exim/postfix worth the effort or overkill?[3]
[1] UUCP through ssh tunnel to ISP, sitting behind DSL-Router.
[2] packet filter (pf) is in place with default incoming deny policy.
[3] I will have to learn jails anyway, becaus the planned webserver will
be jailed, definitely.
Thanks ans regards,
Michael
--
to let |
|
| Back to top |
|
 | |
External
Since: Oct 08, 2007
Posts: 6
|
(Msg. 2) Posted: Sat Dec 20, 2008 1:25 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Imported from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: May 27, 2004
Posts: 12
|
(Msg. 3) Posted: Sat Dec 20, 2008 7:25 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Sat, 20 Dec 2008 16:57:50 +0000, Michael Grimm wrote:
> I'm concerned about security, and therefore I'm thinking about putting
> my MTA and dovecot into a jail, but I'm also concerned about this
> additional layer of complexity. And, I do not have experience with jails
> sofar.
>
> Thus my questions: What's your opinion? Is sandboxing dovecot and
> exim/postfix worth the effort or overkill?[3]
I'm quite happy to let my mail server listen openly on the internet
(behind a NAT router). I'm pretty confident in its integrity and the
integrity of the FreeBSD network stack, so there's not a whole lot that
putting it in a sandbox could do for me.
As a word of warning: you *will* have to learn about spam filtering
techniques, as the spammers learn the address of your mail server. As a
guess, hiding behind uucp paths has probably protected you from most of
it, up to now...
Cheers,
--
Andrew >> Stay informed about: Jailed mailserver. Overkill? |
|
| Back to top |
|
| |
External
Since: Sep 05, 2003
Posts: 76
|
(Msg. 4) Posted: Sat Dec 20, 2008 8:26 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Andrew Reilly wrote:
> On Sat, 20 Dec 2008 16:57:50 +0000, Michael Grimm wrote:
>
> > I'm concerned about security, and therefore I'm thinking about putting
> > my MTA and dovecot into a jail, but I'm also concerned about this
> > additional layer of complexity. And, I do not have experience with jails
> > sofar.
Jails are not very complex to setup, and are a really wonderful toy.
You should invest some hours to learn how to do it, you will see it is
very rewarding.
--
Michel TALON >> Stay informed about: Jailed mailserver. Overkill? |
|
| Back to top |
|
| |
External
Since: Dec 31, 2007
Posts: 5
|
(Msg. 5) Posted: Sun Dec 21, 2008 12:44 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Patrick Lamaizière wrote:
[jails]
> And there are some benefits, security of course but also you can
> duplicate a jail to make some tests, test updates and so on. It is
> easier to update a single jail with few ports than a whole host.
> That's very cool!
Yes, thats a good point pro jails I never before thought about.
Regards,
Michael
--
to let >> Stay informed about: Jailed mailserver. Overkill? |
|
| Back to top |
|
| |
External
Since: Dec 31, 2007
Posts: 5
|
(Msg. 6) Posted: Sun Dec 21, 2008 12:44 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Andrew Reilly wrote:
> As a word of warning: you *will* have to learn about spam filtering
> techniques, as the spammers learn the address of your mail server. As a
> guess, hiding behind uucp paths has probably protected you from most of
> it, up to now...
Not really  My ISP simply forwards all mail for my domain unfiltered
because I always wanted to filter locally. The only difference to a
regular setup is that the transport of mail is done using uucp batches
instead of direct delivery using smtp.
Regards,
Michael
--
to let >> Stay informed about: Jailed mailserver. Overkill? |
|
| Back to top |
|
| |
External
Since: Dec 31, 2007
Posts: 5
|
(Msg. 7) Posted: Sun Dec 21, 2008 12:44 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
|
|
| Back to top |
|
| |
External
Since: Oct 09, 2007
Posts: 23
|
(Msg. 8) Posted: Sun Dec 21, 2008 2:25 pm
Post subject: Re: Jailed mailserver. Overkill? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Sun, 21 Dec 2008 16:26:52 UTC, Michael Grimm
wrote:
> Andrew Reilly wrote:
>
> > As a word of warning: you *will* have to learn about spam filtering
> > techniques, as the spammers learn the address of your mail server. As a
> > guess, hiding behind uucp paths has probably protected you from most of
> > it, up to now...
>
> Not really My ISP simply forwards all mail for my domain unfiltered
> because I always wanted to filter locally. The only difference to a
> regular setup is that the transport of mail is done using uucp batches
> instead of direct delivery using smtp.
The advantage is that now you'll be able to filter on blacklists too...!
--
Bob Eager
UNIX since v6..
http://tinyurl.com/2xqr6h >> Stay informed about: Jailed mailserver. Overkill? |
|
| Back to top |
|
| |
| Related Topics: | secondary mailserver - Greeting, I've looked throught the handbook for this but cannot find the answer. I have two FreeBSD 4.8 machines where 1 is the mailserver for some-domain and the some-domain is in the sendmail.cw file. DNS MX records for some-domain is setup like so: ....
FreeBSD MailServer - Hi, I have recently started working at an ISP who is running a Windows based mailserver. The admin of the mailserver is rather sticky about changing but clients and staff are constantly having problems connecting to it, it crashes etc. I have recently....
securing mailserver address - Hello Guys; Good Day can anyone help give me documentations about on how to filter/stop & secure, on using my own email address as spam. From: user@my.domain.com Subject: RE: Hello To: user1@my.domain.com I'm using imap n sendmail, Thanks on advan...
Help setting up a virtual mailserver - Hi I'm rather new to this, and can't seem to get it right. I got vpopmail setup so that I can serve virtual domains, and this works very well. The problem I have is that I have a multidrop pop3 account with my upstream service provider, which will..
Setting up mailserver for windows clients - Hi I am configuring my first proper mailserver for a small group (10-15) of people. Nearly all of these users will be using M$ outlook to read their email via imaps (I am trying out dovecot) and send email via smtps. Now, how does a windows user who.... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Search
Profile
Private Messages
Log in
