[CentOS] Replacing my Scalix mail server

Wed Apr 1 00:57:05 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

Robert Moskowitz wrote:
> 
> I have seen attacks and mitigations that often never make it out to the 
> public, or make it out after we have worked with the vendors for weeks 
> to get patches before the S* hits the fans. I am particularly paranoid 
> about what may be exposed on a gateway/firewall while waiting for that 
> all so important patch.
> 
> I don't like SME's laid back attitude to getting a 1st install patched, 
> for example. One 1st install, all services on the server MUST be blocked 
> until current updates are installed and configured, and only then opened.
> 
> So, no, your explaination does not make me feel more comfortable. But 
> then as indicated, I am a hard one to make comfortable....

I could have missed something, but I don't recall any services being 
open on the external nic until you configure them.  Are any?  If you 
have a 1-nic setup they probably assume that something else is handling 
the firewalling.

>> That's not particularly relevant - if you access from more than one 
>> location you might want to set up imaps access so all the messages are 
>> stored on the server and available through the hoard web interface if 
>> you aren't at you usual client(s).
> 
> I was at the IETF when IMAP was brought out of CMU and standardized, I 
> know the beast all too well.

Yeah, on R4 and you still can't count on a good notification mechanism, 
but it is usable.

-- 
   Les Mikesell
    lesmikesell at gmail.com