[Dshield] Quiet secure mailbox

Susan pobox2 at pinn.net
Mon Mar 18 14:54:15 GMT 2002


I don't know if any of you remember but about 6 months ago I said it was 
my goal to have a quiet secure mailbox. Well aside from probs at our 
webhost I have achieved the secure mailbox on this end. I spent about 5 
months trying to do it with windows. It wasn't possible. I 
bought/downloaded every software imaginable to attempt it.I tweaked and 
tweaked. I crippled parts of the system to make it less vulnerable etc 
etc etc (removed lots of communication junk, tinkered with the registry 
etc took out schscrp.dlls conf. dlls all that). It still wasn't 
possible. I had to keep reloading the system because of crap that would 
come in via email/random data picked up on the net and open holes or 
something. I imaged the drive for quick reload, the boot record showed 
up damaged again and again, probably an email bug, yes of course my 
virus defs are up to date, everything the latest software)

So anyway I put linux on one time and it has held it's own. I can add to 
it instead of always starting over. Mail folders are not executable. I 
have been sniffing the line here for days and nothing is coming in. 
nada. nothing. except for the one wierd 90.* arp which I am still 
investigating, which may, yes have come off another (yes you guessed it, 
a windows computer sharing the router that was hooked up for a few 
minutes though not directly connected to the mailbox)

But when the linux box is the only thing online, nothing moves, nothing 
shows, its real stable. It acts as a mailbox/traffic/arp cop for 
anything connecting to the router now and is superb. It logs in plain 
english, It mails me daily, it tracks itself. This box I WANT online all 
the time. It's always listening so we'll know if anyone is knocking. No 
rlogins are permitted. Its tcp wrapped hard and ssh installed just in case.

Maybe I can move ahead now, but I will forget about windows because 
attempting to really secure it was a complete waste of time, even behind 
an excellent external firewall. As far as I can tell it's not possible 
to secure any windows system unless maybe its downline from a linux 
system. you just end up wasting your money on software and then you 
still have problems.




More information about the list mailing list