On Mon, 05 Oct 2009, Ansgar Wiechers wrote:

> On 2009-10-04 Sahil Tandon wrote:
> > On Sun, 04 Oct 2009, Ansgar Wiechers wrote:
> >> On 2009-10-04 Sahil Tandon wrote:
> >>> On Sun, 04 Oct 2009, Ansgar Wiechers wrote:
> >>>> On 2009-10-04 mouss wrote:
> >>>>> anyway, it is ok to relay mail from the DMZ to the LAN.
> >>>>
> >>>> No.
> >>>
> >>> Why?
> >>
> >> Because violating the DMZ is never okay without a Damn Good Reason(tm).
> >> That's firewalling 101. If you allow inbound connections from untrusted
> >> to trusted networks, there's no point in having a DMZ in the first
> >> place.
> >
> > I appreciate the adherence to Firewalling 101 (something you have
> > preached before on security-basics), but common sense and practical
> > issues might impel one to make an exception and allow port 25 *only*
> > from Outside Postfix -> Inside Postfix.
>
> I have yet to see what "common sense" or "practical issues" would
> "impel" someone to make this exception. You may want to elaborate on
> that one.

Happy to take this off list with you and mouss, without extraneous "quotations".

-- 
Sahil Tandon <sa...@tandon.net>