>
>Cons:
> o I don't like it personally for the same reasons you have mentioned.
> o Possibility of DoS and exploits. Firewall is critical for your site so why
>take a chance.
> o Puts extra burden on the firewall for processing.
> o Generally I don't want to allow any direct traffic from outside to
>firewall of any type if possible.
When I implemented this, we placed a set of relay servers on the outside
running qmail and ssh. This gave us the benefit of being able to reliably
use CVP outbound as well as inbound. For the uninitiated, if FireWall-1
has trouble with delivering an email, it's not terribly graceful.
Since you are practicing defence in depth, this also allows you to require
the use of your SMTP relays (which you configured properly, right?)
through router ACL enforcement of outbound traffic on port 25.
Chipper
------
Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
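
The outbound port 25 ACL described in the message above, modelled as an added example that is not part of the original post: a first-match rule evaluator that checks whether any non-relay host could still send SMTP directly, and shows how rule order breaks the enforcement. The relay addresses, host addresses and rule format are constructed assumptions, not taken from the thread or from any router's syntax.

```python
import ipaddress

# Constructed addresses; the relay IPs are assumptions for illustration.
RELAYS = ["192.0.2.10/32", "192.0.2.11/32"]

# Outbound ACL as (action, source network, destination port or None for any).
# Evaluated first match wins, with an implicit deny at the end.
GOOD_ACL = [("permit", r, 25) for r in RELAYS] + [
    ("deny", "0.0.0.0/0", 25),      # everyone else: no direct SMTP out
    ("permit", "0.0.0.0/0", None),  # other outbound traffic unchanged
]
# Same rules with the catch-all permit first: the port 25 deny never matches.
BAD_ACL = [GOOD_ACL[-1]] + GOOD_ACL[:-1]


def decide(acl, src, dport):
    """Return the action of the first rule matching this outbound TCP flow."""
    addr = ipaddress.ip_address(src)
    for action, net, port in acl:
        if addr in ipaddress.ip_network(net) and port in (None, dport):
            return action
    return "deny"  # implicit deny


def smtp_bypass_sources(acl, sources):
    """List non-relay sources the ACL would let reach port 25 directly."""
    relay_nets = [ipaddress.ip_network(r) for r in RELAYS]
    leaks = []
    for src in sources:
        is_relay = any(ipaddress.ip_address(src) in n for n in relay_nets)
        if not is_relay and decide(acl, src, 25) == "permit":
            leaks.append(src)
    return leaks


if __name__ == "__main__":
    hosts = ["192.0.2.10", "10.1.1.20", "10.1.2.30"]  # constructed sample hosts
    print("good ACL leaks:", smtp_bypass_sources(GOOD_ACL, hosts))
    print("bad ACL leaks: ", smtp_bypass_sources(BAD_ACL, hosts))
```

Running the same check against an exported rule list before pushing it to the router catches the ordering mistake shown in `BAD_ACL`.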