
Re: [SOLVED] Postfix 2.9.x vs iptables 1.4.x interaction issues under Debian/Ubuntu

  • Reindl Harald
    Message 1 of 16 , Jul 29, 2012
      On 29.07.2012 11:48, Mark Alan wrote:
      >> if you do not trust your OUTGOING traffic the only valid
      >> reason is that you doubt your machine is compromised
      >
      > [The problem, as said in another email, is (mostly) solved]
      >
      > - I do not trust anything connected 24h to the Internet

      then shut it down
      do not run things you do not trust

      > - I do not trust anything in a Xen VPS that sits in a datacenter
      > owned / managed / maintained by I do not know exactly who

      so get a root server instead of letting things be maintained by
      people you do not trust

      > - I do not trust any software, open source or otherwise, that has a
      > level of complexity high enough to not be fully understood by the
      > installer, maintainer, user, etc.

      a well made postfix setup is 100% understandable
      if your mailserver setup is NOT understood by you SHUT IT DOWN

      > [ Just google for "OpenSSH FBI backdoor". Its IPSEC stack was a
      > relatively small but nevertheless highly sensitive piece of software.
      > Look how it managed to elude, for so many years, so many security
      > conscious people, including most of the more security conscious
      > developers around: the developers of the OpenBSD - the "Ultra-Secure
      > Operating System". ]

      completely off-topic

      > This 'thing' just become so complex and with so many variables, that
      > it became impossible to know them all and to account for them all.
      > We can only reduce the size of the target and make it a little more
      > difficult to break in.

      you make it not difficult to break in with
      OUTGOING rate controls

      > And that is why we keep an eye on syslog and cousins and ask for help
      > here on this list when we start to see firewall drop outs related with
      > Postfix.

      keep your eye on intrusion events
      instead of crippling your network stack

      >> and NO a synflood will never come in the OUTPUT stream
      >> except your machine is compromised, but if so shut it down
      >
      > I am afraid that time will show you otherwise

      i am afraid this will not happen because my machines are
      not partly out of control like yours

      > These systems are not 'simple', not even 'complicated', they are real 'complex systems'

      not really

      > And, worse, with so many knowledgeable people with time and resources to
      > invest into breaking these systems, these are now real 'complex adaptive
      > systems'

      if knowledgeable people maintain them you are mostly safe
      not knowledgeable people should better not run public servers
      because in the case of an intrusion or config mistake they are
      also doing damage to third parties