Mail server add-on for ReadyNAS?

WhoCares? wrote:

claykin wrote: Is it just me or is anyone else concerned about security vulnerabilities by exposing services to the Internet? Nobody said that just because you have a mail server up and running you also have to expose that service right to the internet. You could just use it to collect your mail from various external accounts and have it act as a local central hub and master storage for your clients all the while providing services to the users that the external providers don't offer. That's no more a security risk than using your email client and connect to any given mail provider to fetch your mail from there. Or to put it more general: The availability of a technology in itself isn't risky. It's just the users of any technology who create the risks ;) Regards, Stefan

An SMTP server port open to the Internet to "collect your mail" is more risky than an email client. One is behind a NAT or SPI firewall, the other is NOT. An SMTP server leaves a known and common port (25) open to the Internet, a mail client does NOT.

Yes, there are more secure and less secure ways to setup a local SMTP server, however 95% of users would be vulnerable the very first time an exploit is discovered with that server and the user does not know to patch the add-in or NAS firmware. Its a reality of life. Many of these 95% will also allow unauthenticated SMTP relay and it will only be a matter of time before spammers will be using their mailserver as an SMTP relay. Worse is that these users will end up on RBL lists and have trouble sending email to friends/colleagues, because their IP/HOST will listed as a spammer. I'd like to see some data for users with home grown SMTP servers to see how many of them can successfully send email to xxx@comcast.net users with the crazy spam filtering employed by Comcast. We have enough trouble keeping our corporate SMTP server in good graces with them. And that server only sends email from the LAN, no SMTP relay allowed. Even port 25 is closed to the WAN so no external connections permitted.

When you let a reliable third party operate your SMTP server you offload that responsibility to them. They have trained security people on their staff to keep an eye out for exploits and patches to keep their services safe from hackers. They also know how to keep up with the always moving target called spam filtering. Are most end users going to know how to setup their domain name DNS to make sure they have an SPF record and can pass reverse DNS?

Users just need to be made aware of the risks of operating exposed services on common ports.