Sahil Tandon a écrit : > On Mon, 05 Oct 2009, Ansgar Wiechers wrote: > >> On 2009-10-04 Sahil Tandon wrote: >>> On Sun, 04 Oct 2009, Ansgar Wiechers wrote: >>>> On 2009-10-04 Sahil Tandon wrote: >>>>> On Sun, 04 Oct 2009, Ansgar Wiechers wrote: >>>>>> On 2009-10-04 mouss wrote: >>>>>>> anyway, it is ok to relay mail from the DMZ to the LAN. >>>>>> No. >>>>> Why? >>>> Because violating the DMZ is never okay without a Damn Good Reason(tm). >>>> That's firewalling 101. If you allow inbound connections from untrusted >>>> to trusted networks, there's no point in having a DMZ in the first >>>> place. >>> I appreciate the adherence to Firewalling 101 (something you have >>> preached before on security-basics), but common sense and practical >>> issues might impel one to make an exception and allow port 25 *only* >>> from Outside Postfix -> Inside Postfix. >> I have yet to see what "common sense" or "practical issues" would >> "impel" someone to make this exception. You may want to elaborate on >> that one. > > Happy to take this off list with you and mouss, without extraneous > "quotations". >
no, thanks. OP seems to be a 101 oriented guy. I am a 69 oriented guy. that's 32 points difference ;-p
