[lug] Personal Server Behind DSL Router

David L. Anselmi anselmi at anselmi.us
Sat Jan 13 14:34:10 MST 2007


karl horlen wrote:
[...]
> I think I see what a bounce is now.  Normally with
> spam filtering, if a mail is flagged as spam/junk, a
> good filter will probably just "drop" the mail.  In
> other words, it actually does initially accept the mail
> but then just trashes it.  
> 
> If instead it flagged it as spam and then sent a reply
> back (which is kind of silly because spam often comes
> from a bogus address or at least an address that
> didn't exactly authorize the sending) that basically
> creates double spam.

Spam filtering and sending an NDR are different processes.  If you know 
it's spam you wouldn't bounce it (well, reasonable people don't).  But 
if you don't know it's spam you may bounce it and that may bother 
innocent bystanders.  So you have to be good at spam filtering, which 
takes a bit of work.  Which is why I originally said you probably don't 
want to run your own mail server.

BTW, most of the terms, packages, and procedures you're asking about can 
be looked up easily on Google.  You don't have to ask here.  Not that we 
mind but see:

http://catb.org/~esr/faqs/smart-questions.html#before

[...]
> I'm wondering about how to set up a *real* DMZ with
> current setup (versus what I would call a *pseudo*
> DMZ).  What I mean is that my Actiontec DSL modem
> router has multiple internal ports on 1 internal
> network and one external port/network.  If I attach my
> public server to one internal port on the Actiontec,
> attaching my private network to the other internal
> ports puts it on the same network as the DMZ.  In that
> case it's not really a "true" DMZ is it?

In that case it's not a DMZ at all.

> My next thought was to attach my Linksys router to one
> of the ports on the Actiontec and then place my
> private network on the internal side of the Linksys. 
> That gives a little more separation between the public
> server and the private network but I'm not sure that
> really creates a "true" DMZ either.

If the Linksys provides filtering to protect the private network from 
the DMZ network, it's a DMZ.  DMZ is more an architectural term than a 
hardware term.  So I won't quibble about implementation.  Ask Google or 
look at the O'Reilly firewall book if you want more detail.

Dave
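
The two layouts discussed in this message, modelled as an added example (not part of the original post): it computes on which ports the public server could open a new connection to a private host. The node names, the sample port 22, and the assumption that the Linksys only admits WAN-side connections on forwarded ports are constructed for illustration.

```python
from itertools import chain

ALL = None  # marker: a new connection on any port may cross this link


def link(a, b, a_to_b=ALL, b_to_a=ALL):
    """Two directed links; each value is the set of ports allowed, or ALL."""
    return [(a, b, a_to_b), (b, a, b_to_a)]


def exposed_ports(links, src, dst):
    """Ports on which src can open a NEW connection to dst (ALL or a set)."""
    found = set()

    def walk(node, allowed, seen):
        nonlocal found
        if node == dst:
            if allowed is ALL:
                return True          # completely unfiltered path exists
            found |= allowed
            return False
        for a, b, ports in links:
            if a != node or b in seen:
                continue
            # Narrow the allowed ports by whatever this link lets through.
            nxt = ports if allowed is ALL else (
                allowed if ports is ALL else allowed & ports)
            if (nxt is ALL or nxt) and walk(b, nxt, seen | {b}):
                return True
        return False

    return ALL if walk(src, ALL, {src}) else found


def flat():
    # First layout: server and PC both on the Actiontec's internal ports.
    return list(chain(link("server", "actiontec_lan"),
                      link("pc", "actiontec_lan")))


def behind_linksys(inbound=frozenset()):
    # Second layout: Linksys WAN port on the Actiontec LAN, PC behind it.
    # `inbound` (assumed) = ports the Linksys forwards in from its WAN side.
    return list(chain(link("server", "actiontec_lan"),
                      link("actiontec_lan", "linksys_lan", a_to_b=set(inbound)),
                      link("pc", "linksys_lan")))


def is_dmz(links):
    """DMZ in the architectural sense: server cannot reach the PC at all."""
    return exposed_ports(links, "server", "pc") == set()
```

A forwarded port on the inner router shows up as a non-empty set, which is the case to look for when the private network is supposed to be protected from the server.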


