[tech] Re: [wheel] machineroom / munt

mustang at ucc.gu.uwa.edu.au mustang at ucc.gu.uwa.edu.au
Mon Oct 25 10:32:25 WST 1999


> Followups to tech at ucc.gu.uwa.edu.au
> 
> On Mon, Oct 25, 1999 at 08:19:29AM +0800, David Manchester wrote:
> [...]
> > > Can we put it on an insecure segment or something? Is our router currently
> > > allowing waix access to the insecure segments?

Or rather Yakk wrote the above.

> We decided that we _did_ want this, of course it's up to someone with a
> reason, to actually do it at some stage. (I haven't had to do a machine
> install recently, so I haven't done it) We were also hoping for a better
> Mac login system.

Radius..?

> ...however mail is an exception.
> 
> > No. Because of the firewall rules set on our router.
> > i.e. if it ain't on the 1st network, port 25 is filtered.
> 
> If you're going to set up a mail server, make bloody sure that it doesn't
> relay. If you're going to set it up properly and maintain it then by all
> means allow port 25 through to _that machine_.

Yes, and I'll not run an open squid on it either... no, it won't relay.

> (Of course with mail that doesn't usually make much sense. Usually
> you'd want a mailserver to be world-accessible, which it can't with just
> WAIX access)

mmhm.
 
> It's a really simple thing, so just get it right. Too many default
> installs come with an open mail relay, so firewalling them out is
> sensible.

Like I said... it'll have 8.9.x on it with sane rulesets sometime soon.

Cheers
/dave

-- 
/  David Manchester <mustang at ucc.gu.uwa.edu.au>  [TDH]  Netware/UNIX droid. \
Tell someone who's interested, tell someone who can keep their lunch digested
Tell someone who wants your conversation, tell someone who doesn't regard you
\as an argument for compulsory sterilisation." [TISM], `How Do I Love Thee?'/



