IP drop list
Professa Dementia
professa at dementianati.com
Wed Mar 4 21:33:47 UTC 2015
On 3/4/2015 12:45 PM, Dave McGuire wrote:
> There is. But I already have a firewall, running on bulletproof
> hardware that doesn't depend on spinning disks. I don't want to add
> ANOTHER firewall when I already have a perfectly good one. Besides, my
> mail server is built for...serving mail. Not being a firewall.
You can implement whatever type of security you are comfortable with,
however, best practices is to have layered security, also known as the
"belt and suspenders" method of keeping your pants up.
A perimeter firewall and local firewalls (iptables usually) on each
machine is the minimum level of security I set up. A perimeter firewall
alone does not protect you from an attacker who is able to compromise
one machine and install a scanner which then scan all the systems on
your internal network looking for exploitable weaknesses. All the while
the perimeter firewall is oblivious to the attack going on internally
and utterly incapable of mitigating it even if it were aware.
Dem
More information about the dovecot
mailing list