Newbie server configure questions...

Post by Stephen Big » Thu, 31 May 2001 18:51:49



This should be a piece of cake question to answer for anybody that has spent
any time as an IT guru (which I haven't ;-)

I want to set up email hosting for my company.  We currently have a hardware
firewall that provides DMZ, outside and local intranet connections guarded by
policies.  We have a fat pipe coming into the firewall.

I want to place a bastion host (a hardened Linux box) on the DMZ running
postfix as the SMTP server and qpopper as the POP3/IMAP server.

I want all employees to be able to use the SMTP server to send out all mail
from the intranet.  They should also be able to access their mail stored on
the bastion host via POP3 (IMAP?) from the local net to the bastion host
through the firewall.  It would also be nice if they could access their mail
from outside the company via IMAP.

Perhaps later, another two bastion hosts on the DMZ running FTP and HTTP
servers.

Is this doable?  Does this pose security risks?

Thanks for your comments.

 
 
 

Post by bur » Fri, 01 Jun 2001 00:16:35



>I want all employees to be able to use the SMTP server to send out all mail
>from the intranet.  They should also be able to access their mail stored on
>the bastion host via POP3 (IMAP?) from the local net to the bastion host
>through the firewall.  It would also be nice if they could access their mail
>from outside the company via IMAP.

>Perhaps later, another two bastion hosts on the DMZ running FTP and HTTP
>servers.

>Is this doable?  Does this pose security risks?

Very do-able. It poses acceptable security risks to my mind. Most of
that risk will be centered on how well you can secure the bastion
host. You will be able to configure, using TCP wrappers and your
firewall, who can use the IMAP and POP servers. Also pay attention to
who you leave the SMTP server open to as a relay. You don't want to
let the world have it.

-burk

--


 
 
 

Post by Stephen Big » Sat, 02 Jun 2001 07:42:22




>>I want all employees to be able to use the SMTP server to send out all
>>mail from the intranet.  They should also be able to access their mail
>>stored on the bastion host via POP3 (IMAP?) from the local net to the
>>bastion host through the firewall.  It would also be nice if they could
>>access their mail from outside the company via IMAP.

>>Perhaps later, another two bastion hosts on the DMZ running FTP and HTTP
>>servers.

>>Is this doable?  Does this pose security risks?

> Very do-able. It poses acceptable security risks to my mind. Most of
> that risk will be centered on how well you can secure the bastion
> host. You will be able to configure, using TCP wrappers and your
> firewall, who can use the IMAP and POP servers. Also pay attention to
> who you leave the SMTP server open to as a relay. You don't want to
> let the world have it.

> -burk

Thanks for the response!

Obviously, this is a huge topic and I have a lot of learning to do.  I know
that a server like Mercury allows outside users to relay but only with a
user/password challenge.  The problem with that is that it is transmitted in
the clear.  Is there any way to allow selected relaying with encrypted login
from the outside?

 
 
 

Post by bur » Sun, 03 Jun 2001 23:09:35



>Thanks for the response!

>Obviously, this is a huge topic and I have a lot of learning to do.  I know
>that a server like Mercury allows outside users to relay but only with a
>user/password challenge.  The problem with that is that it is transmitted in
>the clear.  Is there any way to allow selected relaying with encrypted login
>from the outside?

Well, what comes to mind is some sort of APOP or encrypted POP3 with
a POP before SMTP solution. You could run your POP services over an
SSL tunnel, and then you use some program to open the relay for any
user that has successfully POPped.

Here are a few interesting sites:
http://www.networkcomputing.com/1018/1018ws22.html
http://www.rickk.com/sslwrap/
http://www.iecc.com/pop-before-smtp.html

Hope this helps!

-burk
--
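
The POP-before-SMTP idea from the post above, combined with the earlier advice not to leave the relay open to the world, as an added example that is not part of the thread or of any tool it links to. The log line format, the `pop3d` tag, the 30-minute window and the 192.168.1.0/24 intranet range are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumptions (not from the thread): intranet range, window length, log format.
INTRANET = ipaddress.ip_network("192.168.1.0/24")
WINDOW = timedelta(minutes=30)
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) pop3d: "
    r"login (?P<result>ok|failed) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
2001-06-03 09:00:05 pop3d: login ok user=alice ip=203.0.113.7
2001-06-03 09:01:10 pop3d: login failed user=bob ip=198.51.100.9
2001-06-03 09:02:00 pop3d: connection closed ip=203.0.113.7
2001-06-03 09:20:00 pop3d: login ok user=carol ip=not-an-ip
"""


def build_relay_table(log_text):
    """Map client IP -> time of its most recent successful POP login."""
    table = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m["result"] != "ok":
            continue  # failed logins and unrelated lines never open the relay
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address: ignore rather than trust it
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        table[ip] = max(ts, table.get(ip, ts))
    return table


def may_relay(client_ip, now, table):
    """Relay for the intranet always; for outside IPs only inside the window."""
    ip = ipaddress.ip_address(client_ip)
    if ip in INTRANET:
        return True
    last = table.get(ip)
    return last is not None and timedelta(0) <= now - last <= WINDOW
```

The relay decision is keyed on the source address, so every client behind the same NAT address as an authenticated user is allowed for the length of the window. The scheme is only as strong as the POP login that opens it, which is why the post pairs it with APOP or POP over an SSL tunnel.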

 
 
 
