Am 17.11.2014 um 08:23 schrieb Ron Leach:
On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered):
Am 16.11.2014 um 02:24 schrieb Reindl Harald:
- if you find a security issue in postfix running on 587 over TLS cry out loud
I'm thinking beyond that; I want to get to the position that when there is an issue in the MTA, our systems are less exposed than they might otherwise be. It's not about the MTA.
and why do you then want the MTA inside dovecot?
if there is an issue in postfix, well, that's it and not more because by using dovecots SASL provider it has even no access to the user database at all
that's it and if you think that combination is not secure enough pull the network cables
That's pretty much what we have at the moment, but we need to be able to submit from offsite, and I'm keen to implement that together with our migration to 2.2. Of course offsite submission is easy, but in our experience that is also vulnerable.
what expierience?
Let me list the approach we'd prefer:
(i) MTA open on port 25 for inbound email.
(ii) MTA not open on any other port, because (for example, our) MTAs are constantly faced on port 25 with password attacks, malformed packets, malformed messages that contain scripts, and malformed protocol sequences; all these show up in the logs.
so what
In the past, at least one of those succeeded. We have a saying: 'once bitten, twice shy'. So, now I would prefer that any MTA we use (that is capable of outbound messaging) be *not* capable of relaying from any inbound SMTP protocol. (Because inbound SMTP is the focus of so much attack
jesus christ than disable sasl on port 25 and you are done