Hi. Normally, I would say it is a good idea to set up a DMZ, put relaying postfix in there and the final postfix into the LAN. This is the design that was planned in the current project and implemented many times before. But now, some believe that postfix is mature and secure enough to not use a DMZ. Yes, some things may become easier in some areas. There is a firewall, fail2ban could also be used... I understand that the idea may sound comfortable. But I don't feel well with not using a DMZ. Are there good reasons for not using a DMZ? Is that really responsible?
Thanks, -lutzn
