On Tue, Jan 15, 2008 at 11:27:06AM +0100, Stephane Durieux wrote:
> Building a mail server for 200/300 users (able to grow
> till a thousand) and as a newbie I need some advice
>
> My choice has turned to postfix with virtual mailboxes,
> courier-imaps, squirrel mail (https), postgrey and
> dspam spam, amavis and clamav against virus, iptables
> for undesired packets.
>
> The "framework" is this one :
> all on the mail server except squirrelmail
>
> The problem is that someone has advised me to put
> instead a front device with squirrelmail with iptables
> and squirrelmail with a ssh tunnel to smtp and imap
> services
>
> But I don't really understand the gain of that
> framework in terms of security or performance

For CPU power, it could all be on one box. For drive space, it could all be on one box although that depends on the box.

For security, think of it this way. If it is all on one box, then you have all that open to the internet. The more stuff on a firewall, the more potential security bugs to be exploited.

If you can afford to set up for this many users, you can afford a simple box as a firewall. The size of the firewall depends on the speed of the internet connection. The firewall is the "iptables" stuff.

Assuming that you have total control over the network between the firewall and the mail box, I don't see the need for an ssh tunnel between the two.

This way, your mail server doesn't have to get bogged down handling port scans, and other internet detritus. Also, should that firewall be compromised, at least initially your mail server isn't compromised.

As for iptables, shorewall is an easy yet powerful way to set that up.

Doug.
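
The layout described in the reply above, a separate iptables firewall box in front of the mail server, as an added example that is not part of the original message. The interface names, the 192.168.10.2 address, the choice of ports 25 and 993, and SSH administration from the inside interface only are all assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a dedicated firewall
# box sitting between the internet and the mail server.
# Every value below is an assumption; override via the environment.
WAN_IF="${WAN_IF:-eth0}"            # internet-facing interface (assumed)
LAN_IF="${LAN_IF:-eth1}"            # interface toward the mail server (assumed)
MAIL_IP="${MAIL_IP:-192.168.10.2}"  # mail server address (constructed)
MAIL_PORTS="${MAIL_PORTS:-25 993}"  # SMTP and IMAPS; nothing else is forwarded

gen_rules() {
    # NAT: only the listed mail ports are redirected to the inside box.
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" \
        ":POSTROUTING ACCEPT [0:0]" ":OUTPUT ACCEPT [0:0]"
    for p in $MAIL_PORTS; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $MAIL_IP:$p"
    done
    printf '%s\n' "-A POSTROUTING -o $WAN_IF -j MASQUERADE" "COMMIT"

    # Filter: default-drop. The firewall itself offers no service to the
    # internet, so port scans stop here and never reach the mail server.
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Administration only from the inside interface (assumed policy).
    printf '%s\n' "-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT"
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $MAIL_PORTS; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $MAIL_IP -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # The mail server may open outbound connections (mail delivery, DNS).
    printf '%s\n' "-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_IP -m conntrack --ctstate NEW -j ACCEPT"
    printf '%s\n' "COMMIT"
}

# Print the ruleset; nothing is applied to the running system.
gen_rules
```

The output can be reviewed and then loaded on the firewall box with `iptables-restore`; IP forwarding must also be enabled there for the FORWARD rules to matter.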

