Firewall Wizards mailing list archives
Re: Email Appliances
From: Paul Robertson <proberts () patriot net>
Date: Fri, 2 Aug 2002 14:26:53 -0400 (EDT)
On Fri, 2 Aug 2002, Richard Threadgill wrote:
Put them *behind* a modern, well-maintained, well-written mail system. (my personal choice is Postfix - IMO, Postfix, Qmail and Exim are the best choices in that order.) I place the order based on how much I like using each product, but Postfix also has the management FUD-reducer of also being called the "IBM Secure Mailer" if you have one of those layer 8[1] problems that's Open Source adverse.

When we built Webshield, the first rev was based on qmail (postfix did not yet exist), and the followup product was based on postfix.
But that doesn't help the real problem with vendor products - if I _need_ a fix/upgrade/patch/function, you're not going to support my going in and fooling around with the product - for instance, a couple weeks ago, I needed a feature added to a snapshot release of Postfix - I've yet to see a vendor support a new feature the day a patch is released on something they don't maintain themselves - especially if I'm putting the patch on before the maintainer even issues a patched version.

If I call the vendor and say "I'm specifically worried about this libc resolver issue, mind if I upgrade it myself and call you for support if I have issues?" I'm going to get a "No way" answer 9 times out of 10, and the 10th person is going to give me the same level of support they'd give their nearest competitor at twice the cost.

Mail systems these days need some agility to react to issues, and the test cycle for products is simply longer than an immediate threat or need can coexist with. Frankly, vendors would be foolish to adopt an upgrade cycle that potentially could affect stability without a long test cycle.

That ability to make a point choice (my company/server/unit/whatever needs this in the next 5 minutes and I can babysit it to make sure it doesn't screw up.) is distinctly counter to the strategic function choice (I want a product that does $foo to mail because I'm getting too my $bar and the occasional flood of $baz.)

I'm saying that I find it, and have found it necessary to have that agility out in front of the product set - regardless of the components (though I tend to look for heterogeneous things - putting Postfix in front of Postfix doesn't provide as much protection as putting Qmail in front of Postfix, for instance - putting anything in front of Exchange provides lots of protection ;) .)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation