[CentOS] Kind of OT: internal imap server

Feizhou feizhou at graffiti.net
Wed Aug 23 03:42:39 UTC 2006


> A simple solution if you have an extra machine..   install qmail on a
> new box...  put it into your DMZ to collect mail.   You then set a
> simple smtproute to forward all mail to your inner mail server's ip. 

qmail is secure, bug free and the programs are efficient but it needs 
updating.

> 
> There are no user accounts/passwords on the DMZ mail gateway and no mail
> stored (sensitive data) on the DMZ mail gateway machine.   
> 
> It simply accepts all email for your domain, and simply forwards it
> through the DMZ pinhole to your internal mail server.   If you want you
> could also have it handle antivirus, spam and rblsmtpd listing.    

The prime recipe for an outscatter host.

You will have to patch qmail to get any form of recipient address 
checking to reject at the smtp level.

Queue management can become a nightmare. With your proposal, if some 
spammer stuffs the queue with a load of spam (send spam to qmail box, 
set sender address to spam victim and voila! almost filter proof 
spamming) you have to stop the queue manager to do any deletes.

qmail is the best choice for an outgoing mail queue in its current 
state. Or a second stage mta if you want to make use of its great 
dot-qmail delivery behaviour. But as an mx, it won't cut it with today's 
Internet.



More information about the CentOS mailing list