Firewall and NAT

Alexander Dalloz ad+lists at uni-x.org
Wed Nov 3 01:31:34 UTC 2004


Am Mi, den 03.11.2004 schrieb Ow Mun Heng um 2:05:

> The other concern with this and the method of using MSAs is
>       * It does not have any milters/filters in place. what's stopping
>         spam/malware etc from coming in through that path?

If you don't explicitly bind the milters to the MTA only, they are used
with the MSA too.

>       * How much do you trust authenticating users? When malware gets
>         sent (unknown to the orginator) does it send through the users
>         MUA (eg: if users are using Outlook(R)

In which way is that specific for using the MSA? If you have a worm on a
Windows[tm] machine being able to use the auth data saved within the
mail program, then it does not matter whether you use the MTA or the
MSA. As server administrator you can hardly handle such cases. Only if
you have a close eye on the logs and you observer suspicious sendings.

> I believe that sendmail is right to instruct that the MSA only be used
> on internal systems. (and if there's a choice, only for the sending
> system and not to accept from other connections on the LAN). I guess it
> also depends, how much you trust systems within your LAN or otherwise

If you don't open the default MSA - means without authentication
enforcement -, then I wouldn't see the problem you see.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp 
Serendipity 02:31:27 up 14 days, 10 users, load average: 0.20, 0.32,
0.28 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041103/2354cb2e/attachment-0001.sig>


More information about the fedora-list mailing list