lutz.niede...@gmx.net:
> Hi.
>
> Normally, I would say it is a good idea to set up a DMZ, put
> relaying postfix in there and the final postfix into the LAN. This
> is the design that was planned in the current project and implemented
> many times before. But now, some believe that postfix is mature
> and secure enough to not use a DMZ. Yes, some things may become
> easier in some areas. There is a firewall, fail2ban could also
> be used... I understand that the idea may sound comfortable. But
> I don't feel well with not using a DMZ. Are there good reasons
> for not using a DMZ? Is that really responsible?

It depends on your security requirements and threat model. If you need this, then I recommend that the 'DMZ' Postfix be locked down maximally such that it cannot execute commands locally (remove pipe(8), local(8) and spawn(8), or any master.cf service that uses them) and that Postfix network daemons run chrooted.

Wietse
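
One way to check a master.cf against the lock-down described in the reply above (an added example, not part of the thread and not Postfix's own tooling). It assumes that "network daemons" means inet listeners plus smtpd(8) and smtp(8), and that a `-` in the chroot column means `n`, the master(5) default since Postfix 3.0; the sample file is constructed.

```python
EXEC_DAEMONS = {"pipe", "local", "spawn"}  # daemons named in the reply
NETWORK_CMDS = {"smtpd", "smtp"}           # assumption: what counts as a network daemon

# Constructed sample master.cf, not taken from the thread.
SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    unix  n       -       y       60      1       pickup
smtp      unix  -       -       y       -       -       smtp
local     unix  -       n       n       -       -       local
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
relay     unix  -       -       -       -       -       smtp
"""

def parse_master_cf(text):
    """Yield (service, type, chroot, command) for each logical entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip() # continuation of previous entry
        else:
            logical.append(line.strip())
    for entry in logical:
        fields = entry.split()
        if len(fields) >= 8:                  # 7 columns plus the command
            yield fields[0], fields[1], fields[4], fields[7]

def audit(text, chroot_default="n"):
    """Return (service/type, problem) pairs that break the lock-down."""
    findings = []
    for service, typ, chroot, command in parse_master_cf(text):
        if chroot == "-":
            chroot = chroot_default           # use "y" for Postfix < 3.0
        name = f"{service}/{typ}"
        if command in EXEC_DAEMONS:
            findings.append((name, f"{command}(8) can execute commands locally"))
        if (typ == "inet" or command in NETWORK_CMDS) and chroot != "y":
            findings.append((name, f"network daemon {command}(8) not chrooted"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

On a live system the text to audit would be the contents of the file at `$config_directory/master.cf`; an empty result means no entry conflicts with the two conditions in the reply.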