On Tue, 29 Feb 2000, you wrote:
> We're thinking of moving the majority of our customers' mail to linux, and 
> a few issues have come up:

This email comes to you from a mandrake box's sendmail :)

> 1)    How secure is sendmail 8.6.9 ? What are the main things we need to do to 
> secure our public facing linux mail server?

Make sure that spammers can't use your mail server as a relay. Make sure the
box runs a minimal set of services (if you're not using a daemon, kill it and
take it out of your init). Use SSH instead of telnet.

> 2)    Worst case scenario is that our public facing linux box gets hacked, and 
> taken down completely - what's the best way of backing this up to ensure 
> minimum downtime - we'd ideally like to have a 'backup' linux box that 
> mirrors itself from the main one, and will allow us to switch to it in the 
> case of the main box going down.. is this possible? What are the implications?

You could use tripwire to ensure that, if you are forced to bring a compromised
box back online, at least the 'system' files are OK. Three things you don't
wanna lose on a mail server: sendmail configuration (the m4 files - hard to
rebuild from memory after you've tweaked 'em), your users' mailboxes (they scream
when they can't get the joke of the day), and your password files (/etc/passwd
/etc/group /etc/shadow). With just those three things, you can recreate your
mail server on a new/spare box.

Syncing the 'live' and 'spare' boxes is either a really good idea or a complete
waste of time, depending on your POV. I'm siding with the latter.

> 3)    If our main linux box got hacked, is a switched hub enough to protect us 
> from a potential hacker being able to packet sniff our entire network?

Not really. What you want to do is isolate your mail server from your local
network. Here's kinda how we did it here:

(best viewed in courier)

--------------- <- the internet
   |
 gateway
   |
--------------- <- intermediate
 |           |
firewall   mail
 |
--------------- <- localnet

Note: The 'intermediate' network is still 100% live routable IPs. We know these
boxes might be compromised, so we keep 'em off the local network. The firewall
is another linux box doing masquerading with ipchains. Good stuff.

> Any input much appreciated
> 
> JL

If anyone knows better than I, I'm all ears.

--MikeK

"This above all, to thine own self be true."
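
Added example, not part of the original e-mail and not Tripwire's own code: a minimal stand-in for the integrity check the reply suggests, recording a SHA-256 baseline of a directory tree and later reporting added, changed and missing files. The function names, manifest format and the `init`/`check` arguments are assumptions of this example.

```shell
#!/bin/sh
# Minimal Tripwire-style check (illustrative stand-in, not Tripwire itself).
# Keep the manifest on read-only or offline media: an intruder who can
# rewrite it can hide changes. File names containing newlines or
# backslashes are not handled.

# make_baseline DIR MANIFEST
# Write "<sha256>  ./relative/path" for every regular file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# check_baseline DIR MANIFEST
# Re-hash DIR and compare with MANIFEST. Prints one line per difference
# and returns 1 if anything differs, 0 if the tree matches the baseline.
check_baseline() {
    now=$(mktemp) || return 2
    make_baseline "$1" "$now"
    report=$(awk '
        # The path starts at column 67: 64 hex digits plus a 2-char separator.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }   # baseline manifest
        {                                                # current state
            seen[path] = 1
            if (!(path in old))          print "ADDED   " path
            else if (old[path] != hash)  print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Command-line use (arguments are this example's own convention):
#   sh integrity.sh init  DIR MANIFEST   record the baseline
#   sh integrity.sh check DIR MANIFEST   compare before trusting the box
case "${1:-}" in
    init)  make_baseline  "$2" "$3" ;;
    check) check_baseline "$2" "$3" ;;
esac
```

Take the baseline while the box is known to be clean, and run the check from trusted media, since the tools on a compromised system may themselves have been replaced.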
