On 27.08.22 13:30, lutz.niede...@gmx.net wrote:
> Normally, I would say it is a good idea to set up a DMZ, put relaying postfix in there and the final postfix into the LAN. This is the design that was planned in the current project and implemented many times before. But now, some believe that postfix is mature and secure enough to not use a DMZ. Yes, some things may become easier in some areas. There is a firewall, fail2ban could also be used... I understand that the idea may sound comfortable. But I don't feel well with not using a DMZ. Are there good reasons for not using a DMZ? Is that really responsible?

I don't see any reason to avoid a DMZ.

Also, I don't see any reason to put a relaying postfix into the DMZ and another postfix into the LAN.

The standard is afaik to put postfix into the DMZ, so both external and internal hosts can connect to postfix and postfix can connect to external hosts, but postfix can't connect to LAN hosts.

Is there any reason you can't use this setup?
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
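
The connection policy described in the reply above, written as an nftables forward chain for a three-legged firewall (an added example, not part of the original message). The interface names, the mail host address 192.0.2.25, and the choice of ports 587 and 53 are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed layout: one firewall with WAN, DMZ and LAN legs,
# Postfix on a single DMZ host. All names and addresses are placeholders.
define IF_WAN = "eth0"
define IF_DMZ = "eth1"
define IF_LAN = "eth2"
define MAIL   = 192.0.2.25

table inet mailfw {
    chain forward {
        # Default deny: only the flows listed below may cross zones.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed when opened.
        ct state established,related accept
        ct state invalid drop

        # External hosts -> Postfix: inbound SMTP.
        iifname $IF_WAN oifname $IF_DMZ ip daddr $MAIL tcp dport 25 ct state new accept

        # Internal hosts -> Postfix: SMTP and submission (587 is an assumption).
        iifname $IF_LAN oifname $IF_DMZ ip daddr $MAIL tcp dport { 25, 587 } ct state new accept

        # Postfix -> external hosts: outbound SMTP, plus DNS for MX lookups.
        iifname $IF_DMZ oifname $IF_WAN ip saddr $MAIL tcp dport 25 ct state new accept
        iifname $IF_DMZ oifname $IF_WAN ip saddr $MAIL meta l4proto { tcp, udp } th dport 53 ct state new accept

        # Postfix -> LAN: never allowed to open a connection. The default
        # policy would drop it anyway; the explicit rule adds a log line,
        # since an attempt here suggests a compromised DMZ host.
        iifname $IF_DMZ oifname $IF_LAN log prefix "dmz-to-lan " drop
    }
}
```

Because the established/related rule comes first, replies to LAN-initiated sessions still flow back from the DMZ; only new connections from the DMZ toward the LAN are refused and logged.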
