
Re: [security advise] Mail server outside of firewall




Hmm. Setting the MX up outside is a DNS question really, it should appear
as the MX for your things, and that's it.

Forwarding is another matter. You COULD set up something such as tcpd to
accept mail only from that MX outside the firewall, but how is it to be
sent? UUCP is out for obvious reasons, you don't want 25 in, so maybe run
sendmail from inside the firewall to query that MX and pull the mail
somehow. Or allow 25 in and select only that MX as the allowed peer. But there
is something called IP spoofing ... So you want MORE than just DNS+IP
authentication when connecting to the MX outside.

An FTP transfer or such with SSL under it might work. But is it worth your
while? And is there a mailer that runs with SSL on some ports, and
without on others?

Peter
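
The point about wanting more than DNS+IP authentication, sketched as an added example that is not part of the original message: a per-port acceptance check in which the listener facing the outside MX requires both the expected source address and a pinned SSL/TLS peer certificate, while the internal listener uses the address check alone. The port number 2525, the addresses, the certificate bytes and all names are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ListenerPolicy:
    allowed_nets: tuple            # networks permitted to connect to this port
    require_tls: bool              # must the session run over SSL/TLS?
    pinned_sha256: Optional[str]   # hex SHA-256 of the peer certificate (DER)

def peer_allowed(policy, peer_ip, tls_active, peer_cert_der=None):
    """Return (accepted, reason) for one inbound connection."""
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in ipaddress.ip_network(n) for n in policy.allowed_nets):
        return False, "source address not allowed"
    if not policy.require_tls:
        return True, "address check only"
    # A source address can be spoofed, so the address match is not enough here.
    if not tls_active or peer_cert_der is None:
        return False, "TLS with peer certificate required"
    seen = hashlib.sha256(peer_cert_der).hexdigest()
    if not hmac.compare_digest(seen, policy.pinned_sha256 or ""):
        return False, "certificate does not match pin"
    return True, "address and certificate verified"

# Constructed sample data. In a live server the DER bytes would come from
# ssl.SSLSocket.getpeercert(binary_form=True) after the handshake.
MX_CERT = b"constructed-der-bytes-of-outside-mx-cert"
OTHER_CERT = b"constructed-der-bytes-of-some-other-cert"
POLICIES = {
    # Internal hosts, no SSL: address check only.
    25: ListenerPolicy(("10.0.0.0/8",), False, None),
    # Hypothetical port for the outside MX: address plus pinned certificate.
    2525: ListenerPolicy(("192.0.2.10/32",), True,
                         hashlib.sha256(MX_CERT).hexdigest()),
}

def decide(port, peer_ip, tls_active, cert=None):
    return peer_allowed(POLICIES[port], peer_ip, tls_active, cert)

if __name__ == "__main__":
    print(decide(2525, "192.0.2.10", True, MX_CERT))   # genuine MX
    print(decide(2525, "192.0.2.10", False))           # right address, no TLS
    print(decide(2525, "192.0.2.10", True, OTHER_CERT))
    print(decide(25, "10.1.2.3", False))
```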