Two things, well several things, really. You need more than one mail server, or you need a store-and-forward mx in case your mail server goes down. Second, I'd make sure you put antivirus and spam guards on the mail server, and that it's beefy enough to handle the traffic. A good split is to put a bastion mail server doing antivirus and spam checks, but no user verification outside the firewall (or inside a non-natting firewall), and have him just forward everything to a secure mail server inside. put the secure mail server with a non-routable ip, and the bastion mail server with one public ip, and one non-routable, to talk to the secure mail server. Make sure both mail servers are up-to-date and kept up to date patchwise. Run NO other services (except maybe ssh) on either server. On Monday 24 October 2005 10:29, Mark wrote: > Can anyone who has done it comment on the downside (if any) of bringing > email in-house, as opposed to continuing to pay a hosting provider? My plan > is to have a separate server, sitting by itself in the DMZ, so the internal > LAN should remain relatively safe. The DSL provider we use will host the > DNS records (MX). We have a top-notch firewall already in place, but this > is the first step we've taken toward making anything available inbound, so > I'm cautiously optimistic. > > -- > Mark > [unwieldy legal disclaimer would go here - feel free to type your own]
-- John Jolet Your On-Demand IT Department 512-762-0729 www.jolet.net [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list
