Using a DMZ for email?

der.hans plug-discuss@lists.plug.phoenix.az.us
Sat, 31 Aug 2002 19:42:54 -0700 (MST)


On 31 Aug, 2002 Anthony Hologounis chattered thus:

> I set up a DMZ to run http, smtp and ftp services external to my private
> network. Http and ftp seem to be pretty simple. I have some questions
> about SMTP.
>
> I have postfix running on the DMZ machine and it gets all of the mail
> external to me. My private/protected network has a mail server that I
> use to send mail. The INTERNAL network can pop/imap the mail from the
> DMZ machine but in order for me to do this the DMZ machine has to have
> the user name and password. This seems to be a security risk not to
> mention extra administration. I have to create users twice to make this
> work.

Allow your DMZ box to talk to port 25 of your internal box and have that box
worry about user accounts.

If you don't want the extra hole, have the internal machine go get mail from
the DMZ box.

BTW, please don't use FTP unless you really need to. Use http for anon and
auth d/l and scp for uploads if you need it.

ciao,

der.hans
-- 
#  https://www.LuftHans.com/
#  It's up to the reader to make the book interesting.
#  An author has only the opportunity to make it uninteresting. - der.hans
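
The first option in the reply above (the DMZ box hands mail to port 25 of the internal box), sketched as a relay-only Postfix configuration for the DMZ host. This is an added example, not part of the original post; the domain example.com, the internal address 10.0.0.25 and the file paths are assumptions.

```conf
# Added example: DMZ host as a relay-only Postfix gateway.
# Assumed values: example.com (your domain), 10.0.0.25 (internal mail server).

# ---- /etc/postfix/main.cf on the DMZ host ----
# Accept mail for the domain, but only to relay it onward.
relay_domains = example.com
# No local mailboxes and no local user accounts on the DMZ host.
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
# Only the host itself may relay outbound through this box.
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Route the domain to the internal server (see the transport table below).
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/transport on the DMZ host ----
# Brackets skip the MX lookup and deliver straight to this address, port 25.
example.com    smtp:[10.0.0.25]:25
```

Run `postmap /etc/postfix/transport` and `postfix reload` after editing. The firewall between the two networks then needs a single rule: the DMZ host to 10.0.0.25 on TCP port 25.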