[Dovecot] WAS Apple - of networks and stuff

Rick Romero rick at havokmon.com
Sat Dec 13 19:54:01 EET 2008


>   My network security is handled elsewhere.  I too believe in layered 
> security, but my desire to use the right tool for the job is much 
> stronger.  My mail server is busy serving mail; my network security is 
> handled by equipment built and optimized for that job.
>> It's not like it costs anything extra.... :)
>   Well...that's the attitude that got us operating systems that need a 
> gigabyte of memory just to boot, and processors clocked at 3GHz that 
> give me the same useful performance as my 4MHz Z80 twenty years ago. 
> ;)  Nothing is free.
I can see both sides of this.  I have an old FreeBSD machine without 
filtering in the kernel where I've been forced to create null routes for 
hosts that insisted on hammering the machine.  My first firewall was 
Mischler's IPRoute for DOS on a 386-16 with a floppy drive.  I know that 
any machine nowadays is plenty powerful enough to do basic filtering 
with no adverse affects.  We have NICs that can handle Gigabit speeds 
handling data across a 1.5Megabit T1.

My suggestion is to just use the simplest solution for your situation.  
If you don't have packet filtering in the cable, use a null route.  If 
you have it, use it.   If you're completely adverse to doing anything 
other than mail on the mail server, give Apple a couple days to supply 
the patches and run with that.   Mike said the patches were against 1.1, 
so it's not like anyone would absolutely need to use the beta 1.2 to get 
these features.  Even better if he can break the whole of the changes 
into smaller patches.

Rick






More information about the dovecot mailing list