IP drop list

Professa Dementia professa at dementianati.com
Wed Mar 4 21:33:47 UTC 2015


On 3/4/2015 12:45 PM, Dave McGuire wrote:
>    There is.  But I already have a firewall, running on bulletproof
> hardware that doesn't depend on spinning disks.  I don't want to add
> ANOTHER firewall when I already have a perfectly good one.  Besides, my
> mail server is built for...serving mail.  Not being a firewall.

You can implement whatever type of security you are comfortable with, 
however, best practices is to have layered security, also known as the 
"belt and suspenders" method of keeping your pants up.

A perimeter firewall and local firewalls (iptables usually) on each 
machine is the minimum level of security I set up.  A perimeter firewall 
alone does not protect you from an attacker who is able to compromise 
one machine and install a scanner which then scan all the systems on 
your internal network looking for exploitable weaknesses.  All the while 
the perimeter firewall is oblivious to the attack going on internally 
and utterly incapable of mitigating it even if it were aware.

Dem


More information about the dovecot mailing list