 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  "Hilton at QuarkAV dot com" <Hilton at QuarkAV dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Mail Server Behind 1.0
 Date:  Tue, 17 Feb 2004 15:48:11 -0700
At 03:23 PM 2/17/2004, Hilton Travis wrote:
>I can also understand that a number of businesses have sensitive email on 
>their mail server, so want it in the more protected LAN network.  But 
>these users also need to realize that running a mail server on the LAN 
>will result in Internet traffic making connections directly to a device on 
>your LAN, therefore weakening the security that your firewall 
>provides.  Especially if it is a Microsoft mail server.

Our solution:

{Internet}---/outer firewall/----[DMZ]----/inner firewall/----[LAN]---

The mail server lives on the DMZ, and the outer firewall allows access to 
its SMTP port.  The server spools, but does not deliver, mail to machines 
on the LAN.  A cron job uses SCP to fetch the contents of the spool 
directory to a machine on the LAN which then does the delivery.  (Ugly 
locking tricks elided.)

This allows us to keep intact one of our fundamental rules: No connections 
between the DMZ and the LAN may be initiated from the DMZ.

You =must= treat machines in a DMZ as potentially hostile.  Any machine 
visible to the great unwashed internet is subject to compromise (especially 
if running Microsoft software :->).  The whole purpose of a DMZ is to limit 
the damage a compromised machine can do.

          -crl
--
Chad R. Larson (CRL22)    chad at eldocomp dot com
   Eldorado Computing, Inc.   602-604-3100
      5353 North 16th Street, Suite 400
        Phoenix, Arizona   85016-3228

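The pull arrangement Chad describes (a cron job on the LAN side fetching the DMZ spool with SCP, so the DMZ never opens a connection inward) can be sketched as a small script. This is an added example, not code from the original post or from m0n0wall; the host name, pull account, spool paths, the mkdir-based lock and the "tmp then rename" handoff are all assumptions, and the `local` transport exists only so the script can be exercised on one machine without an SSH peer. Queue file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# pull-spool.sh: run from cron on the LAN host. The LAN host initiates every
# connection; the DMZ relay never connects to the LAN. (Added example; all
# names below are assumptions, not part of the original post.)

DMZ_HOST="${DMZ_HOST:-relay.dmz.example}"        # assumed DMZ relay hostname
PULL_USER="${PULL_USER:-spoolpull}"              # assumed unprivileged account on the relay
DMZ_SPOOL="${DMZ_SPOOL:-/var/spool/relay-out}"   # assumed outbound spool on the relay
LAN_INBOX="${LAN_INBOX:-/var/spool/relay-in}"    # assumed landing area on the LAN host
LOCKDIR="${LOCKDIR:-/var/run/pull-spool.lock}"   # mkdir is atomic, so it doubles as a lock
TRANSPORT="${TRANSPORT:-scp}"                    # "scp" for real use, "local" for testing

# Transport hooks: the three operations the LAN side needs on the DMZ spool.
list_spool() {
    case "$TRANSPORT" in
        local) ls -1 "$DMZ_SPOOL" ;;
        *)     ssh -q "$PULL_USER@$DMZ_HOST" "ls -1 '$DMZ_SPOOL'" ;;
    esac
}
fetch() {   # $1 = queue file name, $2 = local destination path
    case "$TRANSPORT" in
        local) cp "$DMZ_SPOOL/$1" "$2" ;;
        *)     scp -q "$PULL_USER@$DMZ_HOST:$DMZ_SPOOL/$1" "$2" ;;
    esac
}
purge() {   # $1 = queue file name; only called once the local copy is safely in place
    case "$TRANSPORT" in
        local) rm -f "$DMZ_SPOOL/$1" ;;
        *)     ssh -q "$PULL_USER@$DMZ_HOST" "rm -f '$DMZ_SPOOL/$1'" ;;
    esac
}

# Pull every queued file. Prints the number of files handed over; returns 1 if
# another run still holds the lock (the next cron tick will try again).
pull_spool() {
    mkdir -p "$LAN_INBOX/tmp" "$LAN_INBOX/new"
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "pull-spool: $LOCKDIR held by another run, skipping" >&2
        return 1
    fi
    count=0
    for name in $(list_spool); do
        tmp="$LAN_INBOX/tmp/$name"
        # A message file is never empty; an empty or missing copy means the
        # transfer failed, so leave the original on the relay for the next run.
        if fetch "$name" "$tmp" && [ -s "$tmp" ]; then
            mv "$tmp" "$LAN_INBOX/new/$name"   # rename within one filesystem is atomic
            purge "$name"                      # delete on the DMZ only after the rename
            count=$((count + 1))
        else
            rm -f "$tmp"
            echo "pull-spool: fetch of $name failed, left on the relay" >&2
        fi
    done
    rmdir "$LOCKDIR"
    echo "$count"
}

# Cron entry on the LAN host (assumed path):  */5 * * * * /usr/local/sbin/pull-spool.sh run
if [ "${1:-}" = "run" ]; then
    pull_spool
fi
```

The LAN-side delivery agent then reads only `$LAN_INBOX/new`, and the DMZ account used for the pull should be allowed nothing beyond listing, reading and deleting in its own spool directory, so a compromised relay gains nothing from the key sitting on the LAN host.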