Hi Len,
comments included:
Len Conrad wrote:
>
>
> If you can fold the AV stuff onto your Declude/imail box (Scott to
> confirm), then move your SMTP gateway outside of the firewall, doh.
>
> 1. internet
>
> 2. border router with packet filtering
>
> 3. DMZ with bastion host/smtp gateway (I have a recommendation for
> what you could use here :))) )
I know this product (;-)
>
> 4. firewall
We don't trust the border router because we aren't the administrators
of this machine. No. 3 must be behind the firewall in our dmz.
>
> 5. Private net with Imail/Declude/Sophos
5 should be in the dmz too because we don't want to have www -
connections from outside ( our staff members at home ) into the private
net ( means internal network in our description ).
>
> The advantage of this classic setup is that your traffic in the
> firewall is much lower (no spam, no dangerous attachments, a lot of
> viruses blocked by the smtp gateway header/body filters, max msg size
> limits enforced (no 650 megabyte porno cdroms as attachments) etc,
> etc) and rules in the firewall are much simpler (internet can not
> send to Imail dire, imail only gateways out to IMgate ( ooops, WTF
> dat ist? ).
I understand your hints here but we have a big firewall machine to
prevent that kind of trouble because we have an E1 line attached to the
internet.
>
> Also, Imail does not do DNS lookups or internet deliveries, all that
> traffic ist outside die feuervahl, yah, werry gute ist.
I'll think about it. But if we have no. 3 in front of the firewall we
have to take a lot of work by hardening the OS on this machine.
Behind the firewall it only needs a few additional rules.
( but we have hardened OS, too ;-)) )
dietmar