[CentOS] Kind of OT: internal imap server
Feizhou
feizhou at graffiti.net
Tue Aug 22 07:47:49 UTC 2006
Ralph Angenendt wrote:
> Feizhou wrote:
>> Kanwar Ranbir Sandhu wrote:
>>> Lately I've been thinking about moving Dovecot (for IMAP) into the
>>> internal network - I'd rather not store my mail on the CentOS 4 host in
>>> the DMZ.
>> Why?
>
> Because you don't want to have sensitive data in the demilitarized zone?
> I know that I don't want to.
Well, if the mails are sensitive data then maybe he should consider
having them all encrypted then rather than letting them flow around the
Internet in plain text.
>
>>> 2. If the answer to 1 is no, what's the best way to get mail from the
>>> SMTP server in the DMZ to an IMAP server in the internal network?
>>> Here's what I've briefly considered:
>>>
>>> DMZ Postfix+SpamAssassin -> Internal Postfix+Dovecot
>>> DMZ Postfix+SpamAssassin -> Internal Fetchmail+Dovecot
>
> The first one. Pinch a hole in your firewall which *only* allows smtp
> from that *one* host to the internal host.
Yeah, if he does not have to serve his mails outside the office that
should suffice.
>>> 3. Any tutorials for this out there, or even articles, etc., discussing
>>> using Postfix as a gateway? So far, I haven't found any that I've
>>> liked.
>
> Look at the relaydomains and the transports tables from postfix. Make
> sure that your domain isn't in $mydestinations. Make sure that your
> domain gets relayed (and transported) to the internal mailserver.
I guess you are also going to teach him how to reject mails to
non-existent users at the smtp level and not become an outscatter host.
>
>> It is a little bit involved. But first answer the question of why you
>> want to move before we explore this.
>
> I wonder why that should be necessary - it's his decision, and I can
> really understand, why he's making it.
I am glad that you can read his mind and learn about his environment.
More information about the CentOS
mailing list