IP drop list

Dave McGuire mcguire at neurotica.com
Wed Mar 4 22:02:11 UTC 2015


On 03/04/2015 04:33 PM, Professa Dementia wrote:
> On 3/4/2015 12:45 PM, Dave McGuire wrote:
>>    There is.  But I already have a firewall, running on bulletproof
>> hardware that doesn't depend on spinning disks.  I don't want to add
>> ANOTHER firewall when I already have a perfectly good one.  Besides, my
>> mail server is built for...serving mail.  Not being a firewall.
> 
> You can implement whatever type of security you are comfortable with,
> however, best practices is to have layered security, also known as the
> "belt and suspenders" method of keeping your pants up.
> 
> A perimeter firewall and local firewalls (iptables usually) on each
> machine is the minimum level of security I set up.  A perimeter firewall
> alone does not protect you from an attacker who is able to compromise
> one machine and install a scanner which then scan all the systems on
> your internal network looking for exploitable weaknesses.  All the while
> the perimeter firewall is oblivious to the attack going on internally
> and utterly incapable of mitigating it even if it were aware.

  Yes, I have some experience in these matters, thank you.

  You've made my point for me.  This is why I want Dovecot to handle the
next layer, either via big flat files, a mysql/pgsql table, or DNS queries.

                 -Dave

-- 
Dave McGuire, AK4HZ/3
New Kensington, PA


More information about the dovecot mailing list