how about sendmail on the firewall which just forwards
to the internal mail hub?
> -----Original Message-----
> From: Ben Nagy [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 14, 2001 2:22 PM
> To: 'Rick Lim'; [EMAIL PROTECTED]
> Subject: RE: Newbie question re: mail hub
>
>
> It kind of depends.
>
> Security-wise, you want mail to be relayed through a 'hard' mail program
> like procmail or qmail or something before it gets to any 'soft' mail
> programs like Sendmail, Exchange or Groupwise (assuming it gets to any of
> those at all).
>
> You could achieve this by running the 'hard' mailserver on the
> firewall, but
> you could also achieve this by running a bastion host in the DMZ that just
> does mail-relay through qmail or whatever.
>
> What you _don't_ want is simple NAT port forwarding to your internal
> mailserver.
>
> Cheers,
>
> --
> Ben Nagy
> Network Security Specialist
> Marconi Services Australia Pty Ltd
> Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
>
> > -----Original Message-----
> > From: Rick Lim [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, 15 March 2001 1:27
> > To: [EMAIL PROTECTED]
> > Subject: Newbie question re: mail hub
> >
> >
> > Hi there,
> >
> > Here's a newbie question........
> > what is the best configuration, and why
> >
> > 1) mail hub on firewall machine
> >
> > 2) mail hub on internal machine with the mail port forwarded
> > to the mail
> > hub
> >
> > 3) other suggestions.
> >
> > TIA
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
