Re: 2 Postfix servers (DMZ + LAN)

Sahil Tandon a écrit : > On Mon, 05 Oct 2009, Ansgar Wiechers wrote: > >> On 2009-10-04 Sahil Tandon wrote: >>> On Sun, 04 Oct 2009, Ansgar Wiechers wrote: On 2009-10-04 Sahil Tandon wrote: > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: >> On 2009-10-04 mouss wrote: >>> anyway, it

Re: 2 Postfix servers (DMZ + LAN)

On Mon, 05 Oct 2009, Ansgar Wiechers wrote: > On 2009-10-04 Sahil Tandon wrote: > > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > >> On 2009-10-04 Sahil Tandon wrote: > >>> On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > On 2009-10-04 mouss wrote: > > anyway, it is ok to relay mail from the

Re: 2 Postfix servers (DMZ + LAN)

On 2009-10-04 Stan Hoeppner wrote: > Sahil Tandon put forth on 10/4/2009 5:28 PM: >> I appreciate the adherence to Firewalling 101 (something you have >> preached before on security-basics), but common sense and practical >> issues might impel one to make an exception and allow port 25 *only* >> fr

Re: 2 Postfix servers (DMZ + LAN)

On 2009-10-04 Sahil Tandon wrote: > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: >> On 2009-10-04 Sahil Tandon wrote: >>> On Sun, 04 Oct 2009, Ansgar Wiechers wrote: On 2009-10-04 mouss wrote: > anyway, it is ok to relay mail from the DMZ to the LAN. No. >>> >>> Why? >> >> Beca

Re: 2 Postfix servers (DMZ + LAN)

Sahil Tandon put forth on 10/4/2009 5:28 PM: > I appreciate the adherence to Firewalling 101 (something you have > preached before on security-basics), but common sense and practical > issues might impel one to make an exception and allow port 25 *only* > from Outside Postfix -> Inside Postfix. >

Re: 2 Postfix servers (DMZ + LAN)

Sahil Tandon: > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > > > On 2009-10-04 Sahil Tandon wrote: > > > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > > >> On 2009-10-04 mouss wrote: > > >> > > >>> anyway, it is ok to relay mail from the DMZ to the LAN. > > >> > > >> No. > > > > > > Why? > >

Re: 2 Postfix servers (DMZ + LAN)

On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > On 2009-10-04 Sahil Tandon wrote: > > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > >> On 2009-10-04 mouss wrote: > >> > >>> anyway, it is ok to relay mail from the DMZ to the LAN. > >> > >> No. > > > > Why? > > Because violating the DMZ is never o

Re: 2 Postfix servers (DMZ + LAN)

On 2009-10-04 Sahil Tandon wrote: > On Sun, 04 Oct 2009, Ansgar Wiechers wrote: >> On 2009-10-04 mouss wrote: >> >>> anyway, it is ok to relay mail from the DMZ to the LAN. >> >> No. > > Why? Because violating the DMZ is never okay without a Damn Good Reason(tm). That's firewalling 101. If you

Re: 2 Postfix servers (DMZ + LAN)

On Sun, 04 Oct 2009, Ansgar Wiechers wrote: > On 2009-10-04 mouss wrote: > >> anyway, it is ok to relay mail from the DMZ to the LAN. > > No. Why? -- Sahil Tandon

Re: 2 Postfix servers (DMZ + LAN)

On 2009-10-04 mouss wrote: > Ansgar Wiechers a écrit: >> On 2009-10-02 Augusto Casagrande wrote: >>> Sorry my mistake , it was actually postconf -n (as you can see , >>> there are no default options). >>> >>> The users mailboxes are in the LAN MTA >>> >>> The route for inbound is : Internet->MX->DM

RE: 2 Postfix servers (DMZ + LAN)

: postfix-users@postfix.org Subject: Re: 2 Postfix servers (DMZ + LAN) Ansgar Wiechers a écrit : > On 2009-10-02 Augusto Casagrande wrote: >> Sorry my mistake , it was actually postconf -n (as you can see , there >> are no default options). >> >> The users mailboxes are in

Re: 2 Postfix servers (DMZ + LAN)

Ansgar Wiechers a écrit : > On 2009-10-02 Augusto Casagrande wrote: >> Sorry my mistake , it was actually postconf -n (as you can see , there >> are no default options). >> >> The users mailboxes are in the LAN MTA >> >> The route for inbound is : Internet->MX->DMZ MTA->LAN MTA > > Is your DMZ ser

Re: 2 Postfix servers (DMZ + LAN)

On 2009-10-02 Augusto Casagrande wrote: > Sorry my mistake , it was actually postconf -n (as you can see , there > are no default options). > > The users mailboxes are in the LAN MTA > > The route for inbound is : Internet->MX->DMZ MTA->LAN MTA Is your DMZ server supposed to be the MX or do you

Re: 2 Postfix servers (DMZ + LAN)

Augusto Casagrande a écrit : > Hi > My idea is to put 2 MTA's servers, one in the DMZ and the other in the LAN. > The goal is to get security in the LAN , and only expouse one server > to the internet. Also, i want to "decompress" the traffic , between > the LAN and internet. > So far , i' ve manag

Re: 2 Postfix servers (DMZ + LAN)

Sorry my mistake , it was actually postconf -n (as you can see , there are no default options). The users mailboxes are in the LAN MTA The route for inbound is : Internet->MX->DMZ MTA->LAN MTA For Otubound : Clnt->LAN MTA->DMZ MTA Regards. 2009/10/2 Ansgar Wiechers : > On 2009-10-02 Augusto Cas

Re: 2 Postfix servers (DMZ + LAN)

On 2009-10-02 Augusto Casagrande wrote: > My idea is to put 2 MTA's servers, one in the DMZ and the other in the > LAN. The goal is to get security in the LAN , and only expouse one > server to the internet. Also, i want to "decompress" the traffic , > between the LAN and internet. > So far , i' ve

Re: 2 Postfix servers (DMZ + LAN)

On 10/2/2009, Augusto Casagrande (augustocasagra...@gmail.com) wrote: > My DMZ Postfix postconf -d: -d only gives the defaults... You need to provide postconf -n output... -- Best regards, Charles