firewall, spam and virus control in one box
Roger Grosswiler
roger at gwch.net
Thu Jun 9 10:40:03 UTC 2005
> On Thu, 2005-06-09 at 08:54 +0200, Bjørn-Sverre Nøttum wrote:
>> Is it possible to put all these applications in a fedora box, and make
>> this
>> a sort of a "securebox" that is filtering all in- and outgoing traffic?
>
> I'd recommend doing SPAM and virus filtering on the mail gateway and
> http proxy, and running the firewall on a separate machine.
>
>> I have looked at spamassasin and clamav, but I am not sure if these are
>> the
>> best choises. And I have not found anything on how to make them work
>> together.
>
> My favourite glueware between MTA and content checkers is amavisd-new.
> It's very flexible and powerful.
>
> I'm using postfix/amavis/spamassassin/(various AV's) in a number of
> sites with great success.
>
>> When it comes to fierwalling - is it possible to use the one that
>> is pre-built into the fedora release?
>
> Absolutely, the Linux kernel firewall is as good a stateful packet
> filter as any. I don't think Fedora is the best choice for an Internet
> firewall, though, simply because of its short life cycle. The last thing
> you want is stale software at your perimeter. Have a look at the free
> RHEL variants, or even OpenBSD, which has a way cool kernel firewall
> (pf).
>
> Cheers
> Steffen.
>
I agree with those recommendations. Plus think about installing squid on
your firewall, so your http trafic gets proxied. with this possibilty and
some (i think there are just commerial ones) tools, you can also filter
your webtraffic for viruses. i am not sure, if squidguard or dansguard
bring those possiblities..
Roger
More information about the users
mailing list