LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-26-2004, 11:21 AM   #1
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Rep: Reputation: 15
Postfix setup help


After spending considerable time trying to config sendmail, I said forget it. So I downloaded postfix. It was easier to get up and running as a local server, but what I want is to send smtp over the internet to my clients.

What I have is a proxy server running squid and a web server on different linux machines. The proxy being (192.168.1.1) and the web server (APACHE) on 192.168.1.4.
What I propose is to set up postfix as an Email gateway server on the proxy machine and have the actual Postfix smtp server on the web server box.

I've gone through the documentation at the Postfix site and I think I have a general idea as to what to do. Can anyone point me to a better source with maybe some example config of what I'm trying to do. I always like to consult more than one source when I find myself in merky water. There is always someone who can explain a problem better than the next guy.

From what I read so far it seems like postfix as a gateway server forwards smtp (outgoing mail) to recipients over the net but can forward incoming mail to my pop3 server as well. If I'm wrong about that then you can see at least one area where I am confused.

Any advise will be appreciated.

Thanks
 
Old 10-26-2004, 11:25 AM   #2
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
$this != security related
 
Old 10-30-2004, 11:46 PM   #3
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Original Poster
Rep: Reputation: 15
After spending some time researching this subject I discovered that the Gateway/Email configuration of postfix is supposed to run on a bastion host. The purpose of this configuration is to isolate the actual internal network smtp server from the internet.

As postfix is acting as an integral part of a firewall. I don't see how you can deem such a usage as not being security related.

I guess what I'm trying to say is that people who don't know what they are talking about shouldn't post.

 
Old 10-31-2004, 08:19 AM   #4
neilman
Member
 
Registered: Oct 2004
Location: Northville, MI
Distribution: Slackware
Posts: 65

Rep: Reputation: 15
So, to be clear, you're trying to setup an SMTP server for you and your friends, so that they can send outbound email through your SMTP server, correct?
 
Old 10-31-2004, 01:24 PM   #5
Charles Daniel
Member
 
Registered: Aug 2004
Location: Missouri City, Tx
Posts: 39

Original Poster
Rep: Reputation: 15
No this setup is for security reasons. One postfix is to run on a bastion host and is supposed to relay outbound mail to "CUSTOMERS" ( as in business clients ). The bastion instance should only accept smtp from the smtp server on my internal lan. It should not even accept smtp from any of my internal host except for the internal smtp server. This will prevent spammers from taking control of my smtp server.

A second postfix server will be running on the internal network. It has a two-fold purpose. Namely, to relay mail between internal clients on my network and secondly to relay mail that is internet bound to the postfix instance running on the bastion host. The postfix instance running on the bastion host will then relay mail that is internet bound to the appropriate destination over the internet.

Like this:

Internet <-- Postfix (bastion) <-- Postfix (internal)
<-->Internal Network

This should not be difficult to understand, since such configs are typical in modern firewalls and DMZs. That's why I find it frustrating that people on the forum would think this is not security related. But I guess that's old hat. So back to your question.

The postfix instance on the bastion simply acts as a internet forwarder/proxy for the actual smtp server on my internal network. In this way the internal smtp server can be isolated from exploits over the internet which may give an attacker access to my internal network where databases and client's personal information might be stored.

This way if the attacker successfully exploits the postfix server running on the bastion, then this will only give him access to an unpriviledged user on the bastion host. If the hackers goal is to get to my internal servers, then he would have to crack into an account on the bastion host with root privs. Then he would have to get through yet another firewall to get to my internal lan.

In closing I must say that what I have just described is extremely security related. And if people on this forum are willing to dismiss such a discussion, which is typical of firewall construction, as , "not being security related", then I guess that why I haven't been able to get an answer to my question.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix setup problem deuce868 Linux - Networking 8 04-25-2004 10:40 PM
Postfix setup vladimir-dk Linux - Newbie 9 04-20-2004 09:56 PM
Postfix Setup Questions? frankd99 Linux - Newbie 1 01-24-2004 09:04 PM
Postfix Setup Help shaggystyle Linux - Networking 1 12-22-2003 02:21 PM
Postfix Setup Help shaggystyle Linux - Newbie 1 12-22-2003 01:49 PM


All times are GMT -5. The time now is 01:07 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration