Ralph Angenendt wrote:
Feizhou wrote:
Kanwar Ranbir Sandhu wrote:
Lately I've been thinking about moving Dovecot (for IMAP) into the internal network - I'd rather not store my mail on the CentOS 4 host in the DMZ.
Why?
Because you don't want to have sensitive data in the demilitarized zone? I know that I don't want to.
Well, if the mails are sensitive data then maybe he should consider having them all encrypted rather than letting them flow around the Internet in plain text.
- If the answer to 1 is no, what's the best way to get mail from the SMTP server in the DMZ to an IMAP server in the internal network? Here's what I've briefly considered:
DMZ Postfix+SpamAssassin -> Internal Postfix+Dovecot
DMZ Postfix+SpamAssassin -> Internal Fetchmail+Dovecot
The first one. Pinch a hole in your firewall which *only* allows smtp from that *one* host to the internal host.
Yeah, if he does not have to serve his mails outside the office that should suffice.
- Any tutorials for this out there, or even articles, etc., discussing using Postfix as a gateway? So far, I haven't found any that I've liked.
Look at the relaydomains and the transports tables from postfix. Make sure that your domain isn't in $mydestinations. Make sure that your domain gets relayed (and transported) to the internal mailserver.
I guess you are also going to teach him how to reject mails to non-existent users at the smtp level and not become an outscatter host.
It is a little bit involved. But first answer the question of why you want to move before we explore this.
I wonder why that should be necessary - it's his decision, and I can really understand why he's making it.
I am glad that you can read his mind and learn about his environment.
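
Added example, not part of the original thread or of Postfix itself: a Python audit of a gateway `main.cf` for the points raised above (relayed domain kept out of `mydestination`, listed in `relay_domains`, routed via `transport_maps`, and unknown recipients rejected at SMTP time via `relay_recipient_maps`). The domain `example.com`, the address `192.0.2.10`, the map paths and both sample configurations are constructed placeholders, and the check assumes the domains are listed literally rather than through a lookup table.

```python
# Constructed sample configs: a weak gateway setup beside a corrected one.
WEAK = """\
mydestination = $myhostname, localhost, example.com
relay_domains =
"""

HARDENED = """\
# example.com is relayed, so it must not appear in mydestination
mydestination = $myhostname, localhost
relay_domains = example.com
# transport file entry (constructed): example.com  smtp:[192.0.2.10]
transport_maps = hash:/etc/postfix/transport
# valid internal recipients; anything else is rejected during the SMTP dialogue
relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""


def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', indented continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def values(params, name):
    """Split a comma/whitespace separated parameter value into items."""
    return params.get(name, "").replace(",", " ").split()


def audit_gateway(text, domain):
    """Return findings for a gateway that should relay `domain` inward."""
    p, findings = parse_main_cf(text), []
    if domain in values(p, "mydestination"):
        findings.append("domain in mydestination (gateway would deliver locally)")
    if domain not in values(p, "relay_domains"):
        findings.append("domain missing from relay_domains")
    if not values(p, "transport_maps"):
        findings.append("no transport_maps (no route to the internal server)")
    if not values(p, "relay_recipient_maps"):
        findings.append("no relay_recipient_maps (unknown users accepted, bounced later)")
    return findings
```
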