[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Header re-write

To: Tom Samplonius <tom@haven.uniserve.com>
Subject: Re: Header re-write
From: "Lee J. Silverman" <lee@netspace.students.brown.edu>
Date: Thu, 16 Feb 1995 02:15:54 -0500
cc: zmailer@cs.toronto.edu
In-Reply-To: <Pine.BSF.3.91.950215222615.1096A-100000@haven.uniserve.com>

On Thu, 16 Feb 1995, Tom Samplonius wrote:

>   Funny you should mention Zmailer and firewalls.  I don't know if anyone 
> has heard of a product called "Janus".  It is billed as a turn-key 
> firewall system.  Basically aimed at people who don't understand Internet 
> security....anyways, one of the selling points was that they don't use 
> Sendmail, but use Zmailer because it is more secure.  No idea what version.

	Really?  Not to downplay Zmailer at all, but I would consider 
this a BAD idea.  Chapter 1 of Cheswick and Bellovin's Firewall book 
gives a pretty good argument why you shouldn't run complicated software 
on your firewall.  I would take that further: if you can't check the code 
yourself, you shouldn't be running it on your firewall.  I would say that 
Zmailer is far too complicated to check yourself.  This isn't a firewalls 
list and I am no expert, but an internal machine can run zmailer to 
deliver mail efficiently, and SMTP on the firewall can forward to the 
internal machine using MX record magic.    


Lee Silverman, Brown class of '94, Brown GeoPhysics ScM '95
Email to: Lee_Silverman@brown.edu
Phish-Net Archivist: phish-archives@phish.net
"Nonsense - you only say it's impossible because nobody's ever done it."

References:
- Re: Header re-write
  - From: Tom Samplonius <tom@haven.uniserve.com>

Prev by Date: Re: Header re-write
Next by Date: Re: Header re-write
Prev by thread: Re: Header re-write
Next by thread: Re: Header re-write
Index(es):
- Date
- Thread