[CentOS] courier mail for Centos

Robert Moskowitz rgm at htt-consult.com
Thu Dec 6 17:29:54 UTC 2012


On 12/06/2012 11:13 AM, Reindl Harald wrote:
>
> Am 06.12.2012 17:10, schrieb Robert Moskowitz:
>> On 12/06/2012 10:41 AM, Les Mikesell wrote:
>>> On Thu, Dec 6, 2012 at 9:13 AM,  <m.roth at 5-cent.us> wrote:
>>>> Disabling selinux, or at least setting it to permissive, I agree with.
>>>> Turning down your firewall?! Anyone suggesting that is, IMO, either a)
>>>> clueless, or b) a malware user/vendor trying to make life easier. Can
>>>> anyone think of any other possibilities?
>>> Someone with good site and subnet-level hardware firewalling.  And a
>>> good feeling that all the bad guys are on the other side of the
>>> firewalls.
>> Which I have. A Juniper branch firewall that I was given for testing
>> purposes. And I am subnetted up the gazoo; I have a 64 address CIDR
>> allocation that I have subnetted to /29s and /28s. I also use RFC1918
>> extensively. Afterall, I am one of its authors :)
> but you did not understand "feeling that all the bad guys are on the other
> side of the firewalls" - these days believe their will never be attacks
> from infected machines and such crap from INSINDE the network is naive
>
Actually I do, as I work in this area.  Granted my job is secure 
communications, not secure OS/apps, but I work with the team that does 
deal with this.

It goes back to my good friend Steve Bellovin where in his firewall book 
he called the firewall the crunchy outside and the corp net the chewy 
inside.  He later was a strong advocate for per system firewalling; what 
we have today.  When we keep it on, that is.

Also why I want to get my DNS server off of the old Centos to current 
and my Samba and Mail servers also to current.

Past due.





More information about the CentOS mailing list