Ralph Angenendt wrote:
> Feizhou wrote:
>> Kanwar Ranbir Sandhu wrote:
>>> Lately I've been thinking about moving Dovecot (for IMAP) into the
>>> internal network - I'd rather not store my mail on the CentOS 4 host in
>>> the DMZ.
>> Why?
>
> Because you don't want to have sensitive data in the demilitarized zone?
> I know that I don't want to.

Well, if the mails are sensitive data then maybe he should consider having them all encrypted then rather than letting them flow around the Internet in plain text.

>
>>> 2. If the answer to 1 is no, what's the best way to get mail from the
>>> SMTP server in the DMZ to an IMAP server in the internal network?
>>> Here's what I've briefly considered:
>>>
>>> DMZ Postfix+SpamAssassin -> Internal Postfix+Dovecot
>>> DMZ Postfix+SpamAssassin -> Internal Fetchmail+Dovecot
>
> The first one. Pinch a hole in your firewall which *only* allows smtp
> from that *one* host to the internal host.

Yeah, if he does not have to serve his mails outside the office that should suffice.

>>> 3. Any tutorials for this out there, or even articles, etc., discussing
>>> using Postfix as a gateway? So far, I haven't found any that I've
>>> liked.
>
> Look at the relaydomains and the transports tables from postfix. Make
> sure that your domain isn't in $mydestinations. Make sure that your
> domain gets relayed (and transported) to the internal mailserver.

I guess you are also going to teach him how to reject mails to non-existent users at the smtp level and not become an outscatter host.

>
>> It is a little bit involved. But first answer the question of why you
>> want to move before we explore this.
>
> I wonder why that should be necessary - it's his decision, and I can
> really understand, why he's making it.

I am glad that you can read his mind and learn about his environment.
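
The gateway points raised in this thread, as an added example that is not part of the original message: a small Python check over `postconf -n`-style output that flags a domain delivered locally, not relayed, lacking a transport entry, or relayed without recipient validation. It uses the Postfix parameter names `mydestination`, `relay_domains`, `transport_maps` and `relay_recipient_maps`; the domain, address, file paths and finding codes are constructed placeholders, and only literal list entries (not lookup tables) are inspected.

```python
import re

# Constructed `postconf -n`-style samples; example.com and 10.0.0.5 are placeholders.
WEAK = """\
mydestination = $myhostname, localhost, example.com
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
"""
FIXED = """\
mydestination = $myhostname, localhost
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport
relay_recipient_maps = hash:/etc/postfix/relay_recipients
"""
TRANSPORT = "# domain      nexthop\nexample.com   smtp:[10.0.0.5]\n"

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def items(value):
    """Split a comma/whitespace separated Postfix list (literal entries only)."""
    return [v for v in re.split(r"[,\s]+", value) if v]

def audit_gateway(main_cf, transport, domain):
    """Return finding codes for the relay setup of `domain` on a gateway."""
    p, findings = parse_main_cf(main_cf), []
    routes = dict(l.split()[:2] for l in transport.splitlines()
                  if len(l.split()) >= 2 and not l.startswith("#"))
    if domain in items(p.get("mydestination", "")):
        findings.append("local-delivery")      # gateway treats the domain as its own
    if domain not in items(p.get("relay_domains", "")):
        findings.append("not-relayed")         # domain is not accepted for relay
    if not p.get("transport_maps") or domain not in routes:
        findings.append("no-transport")        # no explicit next hop to the internal host
    if not p.get("relay_recipient_maps"):
        findings.append("no-recipient-check")  # unknown users accepted, bounced later
    return findings

if __name__ == "__main__":
    print(audit_gateway(WEAK, TRANSPORT, "example.com"))
    print(audit_gateway(FIXED, TRANSPORT, "example.com"))
```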