On 03/04/2015 04:33 PM, Professa Dementia wrote:
> On 3/4/2015 12:45 PM, Dave McGuire wrote:
>> There is. But I already have a firewall, running on bulletproof
>> hardware that doesn't depend on spinning disks. I don't want to add
>> ANOTHER firewall when I already have a perfectly good one. Besides, my
>> mail server is built for...serving mail. Not being a firewall.
>
> You can implement whatever type of security you are comfortable with,
> however, best practice is to have layered security, also known as the
> "belt and suspenders" method of keeping your pants up.
>
> A perimeter firewall and local firewalls (iptables usually) on each
> machine is the minimum level of security I set up. A perimeter firewall
> alone does not protect you from an attacker who is able to compromise
> one machine and install a scanner which then scans all the systems on
> your internal network looking for exploitable weaknesses. All the while
> the perimeter firewall is oblivious to the attack going on internally
> and utterly incapable of mitigating it even if it were aware.

Yes, I have some experience in these matters, thank you. You've made
my point for me. This is why I want Dovecot to handle the next layer,
either via big flat files, a mysql/pgsql table, or DNS queries.

-Dave

--
Dave McGuire, AK4HZ/3
New Kensington, PA