Terry Gilsenan
Corporate IT Manager
InterOil Corporation
P: +61 (7) 4046-4698
M: +61 417-600-360
________________________________________
From: owner-postfix-us...@postfix.org [owner-postfix-us...@postfix.org] On Behalf Of mouss [mo...@ml.netoyen.net]
Sent: Monday, 5 October 2009 7:01 AM
To: postfix-users@postfix.org
Subject: Re: 2 Postfix servers (DMZ + LAN)

Ansgar Wiechers wrote:
> On 2009-10-02 Augusto Casagrande wrote:
>> Sorry, my mistake, it was actually postconf -n (as you can see, there
>> are no default options).
>>
>> The users' mailboxes are in the LAN MTA
>>
>> The route for inbound is: Internet->MX->DMZ MTA->LAN MTA
>
> Is your DMZ server supposed to be the MX or do you have a third server
> that is acting as MX?
>
> Anyway, I'd strongly discourage using a setup where a DMZ server relays
> mail to an internal server, because that would effectively break the
> DMZ. An (IMHO) better approach would be to make the DMZ server the
> endpoint for inbound mail, and then have your LAN server pull the mail
> from it.

what kind of "pull" do you have in mind? if it's fetchmail or the like,
then no. If mail should end up in the LAN, then relay is the best option.

anyway, it is ok to relay mail from the DMZ to the LAN.

>
> If you absolutely must relay mail from the DMZ to your LAN, at least
> make sure that the DMZ server is thoroughly hardened.
>

indeed. and if it's not, then just get rid of it! and this doesn't
depend on push or pull.

Heh, that depends on how big the server is, getting rid of it could involve quite a lot of pushing and pulling....

/me slinks off to hide under a rock