Re: [courier-users] Re: caching in courier-imap

Mon, 25 Nov 2002 04:06:09 -0800 

On Mon, 2002-11-25 at 01:56, Sam Varshavchik wrote:
> Jason Haar writes:
> 
> > On Sun, Nov 24, 2002 at 04:36:54PM -0500, Sam Varshavchik wrote:
> >> [EMAIL PROTECTED] writes:
> >> 
> >> >Well, there are quite a few installations where there are different 
> >> >servers hosting mail services and web services.
> >> 
> >> That's what NFS is for.
> > 
> > What about DMZes?
> 
> What about them?
> 
> > Running NFS/MAPI/SMB from a DMZ to a LAN is not a good idea. The security
> > implications are rather huge.
> 
> No it's not.  That's what firewalls are for.  Firewall blocks all traffic to 
> the web server, except port 80.  Problem solved.
> 

exscuse me? so you're saying that if they can only access the webserver
(ie. port 80) no one could ever hack the box? if f.ex. one were to use a
package like IMP (and the 10 other projects that go along with it) -
there's a big chance that there's a security issue with one of them,
that might give shell access as the webserver user (normally nobody).
>From there on, it's often possible to use some local exploit - and in
the case of NFS/MAPI/SMB shares, that's not even necessary and it IS a
lot easier to find flaws in a NFS/MAPI/SMB service than in the
courier-imap service. So If I were a security minded Admin, I would
prefer to allow access to users Email via Imap - as it has the best
security record of the options available.

-- 
Regards,
Klavs Klavsen

--------------| This mail has been sent to you by: |------------
              Klavs Klavsen - Open Source Consultant 
            [EMAIL PROTECTED] - http://www.EnableIT.dk

    Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA 
Fingerprint = 2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62
----------------------------------------------------------------
Open Source Software - Sometimes you get more than you paid for.
                                                 -- unknown



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to