[KLUG Members] Replacing "gatekeeper" and "mail beamer".

Bryan-TheBS-Smith members@kalamazoolinux.org
Fri, 10 Aug 2001 16:57:41 -0400


Richard Zimmerman wrote:
> Yup, with ACLs you can control when the connection is available (or not)
> and even WHO can access the web! You can set it up by days, days / hours, etc.
> It's pretty flexible. Also, it does REALLY good logging although in their case
> they are walking the privacy line.

There is also a Squid version with site blocking capability and list
updates if your company requires that.  Personally I find it is
inhibiting, and it's better to keep good logs and have a formal due
process -- which is _only_ used when someone's productivity comes
into question first.  South Dakota has a similar policy and it is
working very well.

Network Computing did a review of both hardware and software
proxy/caching servers in late 1999.  Squid ruled the software
products, even beating out several hardware-based solutions (only
NetApp accelerated past it), and MS Proxy was _dead_last_, 4x _slower_
than Squid.  It also had security and configuration issues and was
the _least_flexible_.  Unfortunately, the article has been yanked
off their site (for what reason???).

> I run Qmail along with email virus scanning over here and VERY happy with
> it. You would use a program like fetchmail to get the mail from the ISP and
> fetchmail "injects" the message into Qmail / Sendmail like the sender's ISP
> sent it itself. I can not speak for Sendmail (many here can) but Qmail is
> secure, solid, fast and VERY flexible.

AMaViS is what I use with Sendmail.  I'm sure there are others.

McAfee is coming out with its first hardware-based solution.  It's a
3K "all-in-one" scanning device (web, mail, remote access, etc...)
that is x86 and runs ... tada ... Linux!  Linux was chosen by McAfee
for customizability, quick exploit resolution and lack of licensing
issues.

> 1. FREE (or close to it)

Lower Total Cost of Ownership (TCO).  There is some "FUD" going
around that "yeah, Linux is cheaper, but it costs more in support." 
That's utter bull.  As a longtime NT admin, the lack of crashes and,
_more_importantly_, lack of reboots every time you reconfig is a mega
bonus.  As far as "retraining," all you need is to get a good Linux
admin to spearhead and within 6 months, everyone will be
up-to-speed.

> 2. Reliable. I've got an old 486 clunker w/ no battery backup, etc. in a
> VERY bad electrical environment and it cruises right along (if you can say 486s
> are quick <G>)

Again, Linux is not just reliable, but requires no reboots when you
reconfigure, patch or upgrade (unless it is the kernel or GLibC
themselves).  ZD's Sm@rtPartner is one of the few IT publications
that showed this results in lower TCO with Linux -- not to mention
the lack of crashes.  It is also the reason why Linux admins keep up
with the latest updates, and NT admins don't, because updating
doesn't require a reboot -- a small detail, but _very_crucial_.

> 3. There is more and more support / programs / options for Linux everyday!
> I've got 2 servers here now and they just work!

Anyone who tells you that Linux is "unsupported" is just spreading
FUD.  We've got a guy here who showed that every storage, database
and other vendor they used for their existing HP systems also were
100% RedHat Linux certified.  Hardware savings alone was 66%.

> 4. SECURE! Surely can't say that about Windows / NT / Win 2000!

As a longtime NT sysadmin, even "advocate" in the "early days"
(1992-1994), the reason why NT/2000 isn't secure isn't the
underlying OS.  The reasons are even more sinister:

1.  Features are focus, security is _never_ a design-time
consideration
2.  Even when security risks are _known_, automation takes
precedence over security
3.  Applications are multiuser ignorant (even Microsoft's own),
which often leads to gross security violations
4.  Security in Windows 2000 is overkill to the point of confusion
and "holes by default" for compatibility

> As for management, with Squid you edit the config file
> /etc/squid/squid.conf to add / remove a specific user and -HUP the squid
> process and presto! You don't even lose a bit of data in the process!

Squid _is_ "the bomb."  I highly recommend you put its cache on its
own disk drive, or consider a RAID-0 solution.  "On the cheap," you
can get the ~$120 3Ware Escalade 6200 ATA "Storage Switch" which is
the fastest ATA RAID-0/1 controller on the market (according to
Storage Review), and has been supported in the stock kernel since
2.2.15.  I have it paired with a couple of 80GB Maxtors in this
system -- very fast indeed.

-- TheBS

-- 
Bryan "TheBS" Smith     mailto:b.j.smith@ieee.org     chat:thebs413
Engineer   Absolute Value Systems, Inc.   http://www.linux-wlan.org
President     SmithConcepts, Inc.      http://www.SmithConcepts.com
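An added example, not from this thread, of the kind of squid.conf ACL setup the discussion above refers to: a weekday time window, per-user allow and deny lists that are edited in place, and logging kept for the formal process rather than for live filtering. The helper path, realm, subnet and user names are assumptions; the `all` ACL is predefined on Squid 3.2 and later (older releases need `acl all src all`).

```conf
# Added example squid.conf fragment (not from the list post). Assumes a
# 192.168.1.0/24 LAN, a Basic-auth password file at /etc/squid/passwd and the
# basic_ncsa_auth helper path of a Squid 3.x/4.x package; adjust to your install.

# Who may use the proxy at all: the LAN only, and only after authenticating
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Company proxy
acl lan        src 192.168.1.0/24
acl auth_users proxy_auth REQUIRED

# When: working hours on weekdays (day letters: S M T W H F A)
acl workhours  time MTWHF 08:00-18:00

# Exceptions managed by editing this file and reloading Squid
acl blocked_users proxy_auth jdoe          # remove a name here to restore access
acl always_on     proxy_auth admin ops     # helpdesk needs the proxy around the clock

# Order matters: the first matching http_access line wins, so deny first
http_access deny  blocked_users
http_access allow always_on lan
http_access allow auth_users lan workhours
http_access deny  all

# Keep the access log, but only consult it through the due process described above
access_log /var/log/squid/access.log squid
```

After editing, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` sends the running daemon the same SIGHUP as the `-HUP` mentioned in the post, so the new ACLs take effect without dropping the cache or in-flight requests.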