Hi everyone.
Probably this has been discussed before, but I could not find any good
methods yet.
The scenario is a classic one:
1. one or more relay SMTP servers in DMZ
2. one or more backend SMTP servers on the inside network
3. there may or may not be separate designated incoming or outgoing SMTP servers
Now the desired functionality is (of course):
1. relay machines receive messages from outside AND inside
2. relays check for all the bad things (spam, viruses etc).
3. for incoming messages, relays check for valid local users and reject messages for invalid users
Such a scenario allows all checks to be done at the entry point, allowing the
back ends to function with only the really nice messages and at a much reduced load.
But there is a problem. If you are a DMZ admin (or a security hawk), functionality #3
above is not possible without violating the DMZ policy, especially if you are dealing
with internal LDAP and DB servers, which essentially house personal information.
I am very interested to find out how others deal with this conflict in
an SMTP centric set-up.
Thank you.
Andreas
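One way to get point #3 without letting the DMZ relay query the internal directory is to reverse the direction: the inside exports the list of valid recipients from LDAP and pushes a flat file to the relay, which loads it as a Postfix relay_recipient_maps table. The relay then rejects unknown recipients at RCPT TO without ever opening a connection inward. The script below is an added example, not code from the original post or from any project; the domain names, the LDIF sample, the attribute names and the file paths in the comments are assumptions.

```python
"""Build a Postfix relay_recipient_maps source file from an LDIF export of
the internal directory (added example; domain, sample data and paths are
assumptions). Runs on the INSIDE; the result is pushed to the DMZ relay."""
import base64

# Constructed sample: roughly what `ldapsearch -LLL ... mail` returns for
# the mail-enabled users. A base64 value (::) and a folded continuation
# line are included because real LDIF exports contain both.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: Alice@example.com
mail: a.smith@example.com

dn: uid=bob,ou=people,dc=example,dc=com
mail:: Ym9iQGV4YW1wbGUuY29t

dn: uid=carol,ou=people,
 dc=example,dc=com
mail: carol@example.com
mail: carol@partner-company.example

dn: cn=printer01,ou=devices,dc=example,dc=com
description: no mail attribute, must not appear in the map
"""


def parse_ldif(text):
    """Return a list of entries, each a dict attr(lower-cased) -> [values].
    Handles folded continuation lines and base64 ("::") values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # sentinel flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):           # "attr:: base64"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def extract_recipients(entries, local_domains, attrs=("mail",)):
    """Collect every address the relay should accept, lower-cased.
    Addresses outside our own domains are dropped on purpose: a partner's
    address stored in the directory must not turn the relay into an open
    relay for that partner's domain."""
    domains = {d.lower() for d in local_domains}
    accepted = set()
    for entry in entries:
        for attr in attrs:
            for addr in entry.get(attr, []):
                addr = addr.strip().lower()
                local, at, domain = addr.rpartition("@")
                if at and local and domain in domains:
                    accepted.add(addr)
    return accepted


def render_relay_recipient_map(recipients):
    """Postfix relay_recipient_maps source: one 'address OK' per line.
    Postfix only checks that the key exists; the right-hand side is a
    placeholder."""
    return "".join(f"{addr} OK\n" for addr in sorted(recipients))


def recipient_is_valid(recipients, rcpt_to):
    """What the relay effectively does at RCPT TO with the pushed table:
    exact match after lower-casing, so unknown users are refused before any
    spam or virus scanning and before the back end sees the message."""
    return rcpt_to.strip().lower() in recipients


if __name__ == "__main__":
    rcpts = extract_recipients(parse_ldif(SAMPLE_LDIF), ["example.com"])
    print(render_relay_recipient_map(rcpts), end="")
    # Inside -> DMZ push (assumed hostnames/paths; no DMZ->inside connection):
    #   scp relay_recipients relay.dmz:/etc/postfix/relay_recipients
    #   ssh relay.dmz postmap /etc/postfix/relay_recipients
    # Relay main.cf:  relay_domains = example.com
    #                 relay_recipient_maps = hash:/etc/postfix/relay_recipients
```

The only network flow this needs is inside-to-DMZ (the scp/ssh push), which most DMZ policies already permit; the relay holds nothing but a list of addresses, not the personal data behind them, and a cron job on the inside re-exports it as often as account churn requires. Addresses not in our own domains are filtered out so that a stray external value in the directory cannot widen what the relay accepts.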