[CentOS] Kind of OT: internal imap server

Tue Aug 22 07:47:49 UTC 2006
Feizhou <feizhou at graffiti.net>

Ralph Angenendt wrote:
> Feizhou wrote:
>> Kanwar Ranbir Sandhu wrote:
>>> Lately I've been thinking about moving Dovecot (for IMAP) into the
>>> internal network - I'd rather not store my mail on the CentOS 4 host in
>>> the DMZ.
>> Why?
> 
> Because you don't want to have sensitive data in the demilitarized zone?
> I know that I don't want to.

Well, if the mails are sensitive data then maybe he should consider 
having them all encrypted then rather than letting them flow around the 
Internet in plain text.

> 
>>> 2. If the answer to 1 is no, what's the best way to get mail from the
>>> SMTP server in the DMZ to an IMAP server in the internal network?
>>> Here's what I've briefly considered:
>>>
>>>   DMZ Postfix+SpamAssassin -> Internal Postfix+Dovecot
>>>   DMZ Postfix+SpamAssassin -> Internal Fetchmail+Dovecot
> 
> The first one. Pinch a hole in your firewall which *only* allows smtp
> from that *one* host to the internal host. 

Yeah, if he does not have to serve his mails outside the office that 
should suffice.

>>> 3. Any tutorials for this out there, or even articles, etc., discussing
>>> using Postfix as a gateway?  So far, I haven't found any that I've
>>> liked.
> 
> Look at the relaydomains and the transports tables from postfix. Make
> sure that your domain isn't in $mydestinations. Make sure that your
> domain gets relayed (and transported) to the internal mailserver.

I guess you are also going to teach him how to reject mails to 
non-existent users at the smtp level and not become an outscatter host.

> 
>> It is a little bit involved. But first answer the question of why you 
>> want to move before we explore this.
> 
> I wonder why that should be necessary - it's his decision, and I can
> really understand why he's making it.

I am glad that you can read his mind and learn about his environment.
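
The gateway points raised in this thread (domain kept out of the local destination list, relayed and transported to the internal server, unknown recipients rejected at SMTP time) can be checked against a `main.cf`. The following is an added example, not part of the original post: a small Python audit using the Postfix parameter names `mydestination`, `relay_domains`, `transport_maps` and `relay_recipient_maps`; `example.com`, the file paths and both sample configs are constructed placeholders.

```python
import re

# Constructed main.cf fragments for a DMZ gateway (placeholder domain and paths).
GOOD = """\
mydestination = localhost
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""
WEAK = """\
mydestination = localhost, example.com
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit_gateway(text, domain):
    """Return findings for a gateway that should relay `domain` inward.

    Assumptions: $variable references are not expanded, and the contents of
    the lookup tables (transport, relay_recipients) are not inspected.
    """
    p = parse_main_cf(text)
    items = lambda key: [v for v in re.split(r"[,\s]+", p.get(key, "")) if v]
    findings = []
    if domain in items("mydestination"):
        findings.append("domain in mydestination: gateway would deliver locally")
    if domain not in items("relay_domains"):
        findings.append("domain not in relay_domains: mail for it is not relayed")
    if not items("transport_maps"):
        findings.append("no transport_maps: no explicit route to internal server")
    if not items("relay_recipient_maps"):
        findings.append("no relay_recipient_maps: unknown users accepted, bounced later")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_gateway(cfg, "example.com"))
```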