Ansgar Wiechers wrote:
> On 2009-10-02 Augusto Casagrande wrote:
>> Sorry, my mistake, it was actually postconf -n (as you can see, there
>> are no default options).
>>
>> The users' mailboxes are in the LAN MTA
>>
>> The route for inbound is: Internet->MX->DMZ MTA->LAN MTA
> 
> Is your DMZ server supposed to be the MX or do you have a third server
> that is acting as MX?
> 
> Anyway, I'd strongly discourage using a setup where a DMZ server relays
> mail to an internal server, because that would effectively break the
> DMZ. An (IMHO) better approach would be to make the DMZ server the
> endpoint for inbound mail, and then have your LAN server pull the mail
> from it.

what kind of "pull" do you have in mind? if it's fetchmail or the like,
then no. If mail should end up in the LAN, then relay is the best option.

anyway, it is ok to relay mail from the DMZ to the LAN.

> 
> If you absolutely must relay mail from the DMZ to your LAN, at least
> make sure that the DMZ server is thoroughly hardened.
> 

indeed. and if it's not, then just get rid of it! and this doesn't
depend on push or pull.

> [snip]
