Greg Owen writes:
> > In the main, though, you've laid out yet another argument
> > against secondary MX.
> But even if you got rid of secondary MXs, there's another
> scenario this attacks, one which most basic firewall design courses
> and books recommend: using a mail relay as a bastion host in the DMZ
> to disallow direct access from the Internet to the mail store.
You have not read the qmail documentation provided by DJB. In it, he
provides explicit directions on exactly how to set up a bastion host: a
single qmail server on the DMZ listening to port 25 talking to 1 or more
qmail servers on the inside via qmqp. NOT smtp.
Therefore, any other use of qmail in a relay situation was not
considered part of the design and is thus deprecated (i.e., use at your
own risk).
DJB writes very compact documentation. You have to throw out any
assumptions that you may be carrying forward from other pieces of
software and actually read every single word he writes--they are all
important for correctly interpreting his design goals.
> For example, people running Exchange or Notes (and many do, for
> various good or bad reasons) may not want that box directly on the
> Internet, open to SYN flooding, DOS attacks, and buffer overflow
> attempts. qmail makes the perfect intermediate relay - high
> performance, high security, high reliability. If the bastion host is
> attacked, internal mail isn't directly affected, which is a good
> thing.
Relaying to Exchange or Notes was not part of the qmail design goals.
Qmail is not unique in not handling this situation and any expectation
that you carry that it would be useful in this situation is incorrect.
/Joe
