> > 1) People generally have their SMTP server sitting somewhere within
> > the "[Internal Net]". The firewall would say something like "We only allow
> > connections to port 25 of the SMTP gateway". If the SMTP gateway is sitting
> > inside, the perimeter is broken.
> The proper way to set this up is to have the firewall itself accept mail with
> smapd and sendmail v8.6 and then re-route that mail to the internal servers.
> The internal servers are never vulnerable to an attack because the outside
> world cannot talk directly to them.
Agreed, that is what I was explaining to checkpoint.
> > 2) If the internet SMTP gateway sits on the DMZ, and the customer
> > has several internal SMTP gateways that distribute all the mail, then again,
> > the SMTP gateway on the DMZ would have access to send data to the inside SMTP
> > hosts, thus providing information flow. If the internal SMTP gateways are
> > vulnerable to attack (IE: versions of sendmail that have problems, IE: ALL)
> > again, the perimeter is broken.
> The best way to secure things is to assume nothing is secure on your internal
> network. Reduce your points of failure on the DMZ, and trust nothing. If you
> make sure that your DMZ versions of sendmail are secure and they talk to your
> internal servers, no direct communication ever takes place from the external
> network to the internal network.
"If you make sure that your DMZ versions of sendmail are secure.."
History has proven, sendmail & security do not belong in the same sentence. 8-)
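Added illustration, not part of the thread: a small Python model of the two firewall policies argued over above, using constructed zone and host names. It separates "direct exposure" (what the relay design is claimed to prevent: the outside world never opens a session to the internal sendmail) from "information flow" (point 2's worry: mail content still reaches the inside, via the relay's own outbound session).

```python
from collections import deque

# Constructed zones and hosts for the two designs argued about in the thread;
# the names are illustrative, not any real site's.
INTERNET = "internet"
DMZ_RELAY = "dmz-relay"        # firewall/bastion running the mail relay
INTERNAL_MX = "internal-mx"    # sendmail on the internal net
INTERNAL_HOSTS = {INTERNAL_MX}

# A firewall policy is a list of permitted (source, destination, port) flows;
# anything not listed is denied.
GATEWAY_INSIDE = [(INTERNET, INTERNAL_MX, 25)]          # point 1: gateway on the inside
DMZ_RELAY_DESIGN = [(INTERNET, DMZ_RELAY, 25),          # outside talks to the relay only
                    (DMZ_RELAY, INTERNAL_MX, 25)]       # relay re-routes mail inward

def direct_targets(rules, src, port=25):
    """Hosts that `src` is permitted to open a TCP session to on `port`."""
    return {dst for s, dst, p in rules if s == src and p == port}

def perimeter_holds(rules, internal_hosts=INTERNAL_HOSTS, port=25):
    """True when no rule lets the internet connect straight to an internal host.
    This is the property the replies rely on: an attack on the internal sendmail
    would need a direct session, which this policy never grants."""
    return not (direct_targets(rules, INTERNET, port) & internal_hosts)

def mail_path(rules, src=INTERNET, dst=INTERNAL_MX, port=25):
    """Shortest hop-by-hop relay path from src to dst over permitted port-25
    flows. A non-empty path is the 'information flow' point 2 describes: mail
    content still arrives inside, but each hop is a separate session opened by
    the previous relay, never by the original sender."""
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for s, d, p in rules:
            if s == cur and p == port and d not in prev:
                prev[d] = cur
                queue.append(d)
    return []  # no permitted chain of hops reaches dst

if __name__ == "__main__":
    for name, rules in [("gateway inside", GATEWAY_INSIDE), ("DMZ relay", DMZ_RELAY_DESIGN)]:
        print(f"{name}: perimeter holds={perimeter_holds(rules)}, path={mail_path(rules)}")
```

The interesting result is that both designs report the same mail path to the inside, so the relay design does not stop information flow; it only changes who may open the session to the internal server.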