On Wed, 8 Nov 2006 14:43:16 +0000, "Kristian Davies" <[EMAIL PROTECTED]> wrote: >1) SMTP gateway sits in the DMZ for the company and forwards mail >through a pinhole to the email server in the inside network and vice >versa. The gatway might deal with spam and av issues.
That one is what I'd do. If webmail from external is desired, put an reverse proxy in the service network[1]. A different approach would be to have the mail server itself on a service network, probably with an e-mail gateway and/or a reverse web proxy on a different service network. That one would reduce the risk of a compromised web mail service posed to the internal network. Greetings Marc [1] I refuse to use the word DMZ since everybody uses it and nobody knows what it used to mean and it does not have a clear meaning nowadays any more. A service network is a firewalled network housing services with a security level in between the Internet and the internal network. -- -------------------------------------- !! No courtesy copies, please !! ----- Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
