
Re: [security advise] Mail server outside of firewall



On Thu, 21 May 1998, Alexander Indenbaum wrote:

> Hi!
> 
> I have a firewalled net with mail server in it and port 25 open to
> mail server.
> 
> For various security reasons I'd like to move mail server out of 
> firewall, to another net segment. New server will have no accounts on
> it ( except for administrators ) and will forward all mail to another 
> server inside firewalled net.
> 
> I'd like your advice about how to do it?

Please note that there might be better solutions than this,
like some kind of special fw SMTP relay that will hide your inside
net, check attachments, etc., but that usually only comes in commercial
firewalls.

1. Have your DMZ mail server at a higher precedence MX than the fw
mail server.

   Pro: easier to maintain. Just put it and forget about it.
   Con: delivering mail to your domain will take longer as it will first
        try to deliver to the unreachable (to the internet) server.

2. Have the DMZ mail server deliver mail with some kind of /etc/aliases
dbm.

   Pro: fast.
   Con: more maintenance if you have lots of users.


-- Asher
.--------------------------------------------------------------------.
| Asher Frenkel 			   Unix System Administrator |
| IBM Global Services, IBM Israel                                    |	
| Fax   : +972-3-6978115                        Phone: +972-3-6978946| 
| E-Mail:asher@ibm.net.il                              +972-3-6978687| 
`--------------------------------------------------------------------'
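
An added illustration, not part of the original message: a small Python model of option 1, reading it as the inside server holding the preferred (lower-numbered) MX and the DMZ relay holding the backup MX. The hostnames, preference values, and the 30-second connect timeout are constructed assumptions; it shows where the delay in the "Con" comes from and why the DMZ relay itself hands mail inward without that delay.

```python
# Added example: models MX selection for the split inside/DMZ setup.
# All hostnames, preference numbers and the timeout are constructed.
from typing import NamedTuple


class MX(NamedTuple):
    preference: int  # lower number is tried first (RFC 5321, section 5.1)
    host: str


# Assumption: the firewall silently drops port 25 from outside, so each
# failed attempt costs the sender a full connect timeout. A firewall that
# answers with a reset would fail fast and make the delay negligible.
CONNECT_TIMEOUT_S = 30

ZONE = [MX(20, "dmz-mail.example.com"), MX(10, "inside-mail.example.com")]
INTERNET_VIEW = {"dmz-mail.example.com"}    # hosts an outside sender can reach
DMZ_VIEW = {"inside-mail.example.com"}      # hosts the DMZ relay can reach


def delivery_plan(records, reachable, self_host=None):
    """Return (hosts tried in order, accepting host or None, seconds lost).

    If self_host is itself listed in the MX set, only hosts with a strictly
    lower preference number are tried. That loop-avoidance rule is what
    makes the backup MX forward inward instead of to itself.
    """
    candidates = sorted(records)
    if self_host is not None:
        own = min((r.preference for r in records if r.host == self_host),
                  default=None)
        if own is not None:
            candidates = [r for r in candidates if r.preference < own]
    attempts, wasted = [], 0
    for record in candidates:
        attempts.append(record.host)
        if record.host in reachable:
            return attempts, record.host, wasted
        wasted += CONNECT_TIMEOUT_S
    return attempts, None, wasted


if __name__ == "__main__":
    print("internet sender:", delivery_plan(ZONE, INTERNET_VIEW))
    print("dmz relay      :", delivery_plan(ZONE, DMZ_VIEW, "dmz-mail.example.com"))
```
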