On 03/04/2015 04:33 PM, Professa Dementia wrote:
> On 3/4/2015 12:45 PM, Dave McGuire wrote:
>> There is. But I already have a firewall, running on bulletproof hardware that doesn't depend on spinning disks. I don't want to add ANOTHER firewall when I already have a perfectly good one. Besides, my mail server is built for...serving mail. Not being a firewall.
> You can implement whatever type of security you are comfortable with; however, best practice is to have layered security, also known as the "belt and suspenders" method of keeping your pants up.
> A perimeter firewall and local firewalls (iptables usually) on each machine is the minimum level of security I set up. A perimeter firewall alone does not protect you from an attacker who is able to compromise one machine and install a scanner which then scans all the systems on your internal network looking for exploitable weaknesses. All the while the perimeter firewall is oblivious to the attack going on internally and utterly incapable of mitigating it even if it were aware.
Yes, I have some experience in these matters, thank you.
You've made my point for me. This is why I want Dovecot to handle the next layer, either via big flat files, a mysql/pgsql table, or DNS queries.
-Dave
-- Dave McGuire, AK4HZ/3 New Kensington, PA