FreeNAS as Postfix/SMTP Server?

[ewhac]

Right now I have an HP N54L running FreeNAS for the household. My vision for the future has been to get another N54L, load it up with generic FreeBSD, and turn it into the home gateway/firewall -- running a DNS/WINS server for the LAN, and maybe with an SMTP server on there as well. However, today I was introduced to this gadget from Mikrotik, which looks like it will do most of what I would want a FreeBSD gateway to do.

One thing the Mikrotik obviously won't do is email or Web serving, so I started wondering: How good/bad an idea is it to set up SMTP or other Internet-facing servers on a FreeNAS box? I know it can be done using chroot jails and installing the various packages. The question is: How wise/foolish is it to do so?

 

[Whattteva]

The jail can actually do any typical Internet service rather well. How wise/foolish it is really depends on your risk tolerance. Are you willing to potentially have a security breach on the very same box that hosts all your personal data?

Typically, the answer is no. Hence, why you almost never mix firewalls and file servers.

 

[ewhac]

The jail can actually do any typical Internet service rather well. How wise/foolish it is really depends on your risk tolerance. Are you willing to potentially have a security breach on the very same box that hosts all your personal data?

If the service were breached, presumably the jail would limit the surface area of the breach. Unless I'm missing something, damage should be limited to the datasets exported to the jail, so one should be judicious about what gets exported to a jailed Internet-facing service.

Typically, the answer is no. Hence, why you almost never mix firewalls and file servers.

No, that was the point -- the itsy-bitsy Mikrotik would become the firewall, and the more interesting services would run within FreeNAS chroot jails.

I guess the unstated subtext of my question is: Is there anything in FreeNAS's "optimization" as a local NAS/file server that makes it less appropriate for use as an Internet-facing mail/Web server than a generic FreeBSD install?