It kind of depends.
Security-wise, you want mail to be relayed through a 'hard' mail program
like procmail or qmail or something before it gets to any 'soft' mail
programs like Sendmail, Exchange or Groupwise (assuming it gets to any of
those at all).
You could achieve this by running the 'hard' mailserver on the firewall, but
you could also achieve this by running a bastion host in the DMZ that just
does mail-relay through qmail or whatever.
What you _don't_ want is simple NAT port forwarding to your internal
mailserver.
Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -----Original Message-----
> From: Rick Lim [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 15 March 2001 1:27
> To: [EMAIL PROTECTED]
> Subject: Newbie question re: mail hub
>
>
> Hi there,
>
> Here's a newbie question........
> what is the best configuration, and why
>
> 1) mail hub on firewall machine
>
> 2) mail hub on internal machine with the mail port forwarded
> to the mail
> hub
>
> 3) other suggestions.
>
> TIA
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
