On Sat, 2005-08-13 at 09:13 -0600, Michael Torrie wrote:
> Here is my situation. I currently have a large mail server sitting in
> the DMZ. We would like to have the option of delivering mail (and
> storing IMAP folders) in users' home directories in their main file
> space. Mounting the file server through the firewall into the DMZ is
> not acceptable.
>
> So to accomplish this same effect, I was thinking about having two mail
> servers, one in the DMZ and one in the trusted zone that has the file
> server mounted. Mail will be filtered, anti-spammed, and virus scanned
> in the DMZ, and then passed via LMTP or even normal SMTP to the inside
> mail server where individual procmail recipes will be run and mail
> delivered to home directories in Maildir format.
I have a system very similar to this. We use LDAP for our user accounts
so that both machines can see all the valid user accounts. Ours is a
little more complicated because we have 2 back-end servers upon which we
distribute our accounts. So the front-end looks up the final destination
and routes it accordingly. The routing information is stored in LDAP.

> The outside mail server must allow smtp auth so that people outside the
> department can still relay mail through our servers. Also mail sent
> from the inside must, due to external security reasons, go through our
> outside mail server.
>
> IMAP and POP will simply be proxied through to the inside.

We have a whole slew of domains which we proxy and use Perdition for
that. It also looks in LDAP to find the user's destination server. For
your needs though that's probably overkill.

> Has anyone set up something like this before? Is my idea sound at all?
>
> <flame retardant suit on/>Our inside mail server will be sendmail, and
> because of its milter capabilities which make filtering so much nicer
> than any other MTA, I'm thinking about running Sendmail on the outside
> server too. qmail is not an acceptable option, so don't mention
> it.<flame retardant suit off/> The only thing I don't know how to do
> currently is tell sendmail to accept mail for local delivery, but then
> forward it on to the trusted mail server rather than deliver it.

Devil's in the details, eh? We use Exim so I can't give you any specific
help. I think it should be possible though.

Corey
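The one piece Michael says he does not know how to do, a DMZ-side sendmail that accepts mail for the department domain but hands it to the trusted inside host instead of delivering it, as an added sendmail.mc fragment that is not from either poster or the list. The domain, hostnames and the cf.m4 path are assumptions; the mechanism is sendmail's MAIL_HUB/LOCAL_USER pair, which it does not rely on relaying permissions because the domain stays in local-host-names.

```m4
dnl Added example (not from the thread): DMZ-side sendmail.mc that accepts
dnl mail for example.edu and forwards every local recipient to the inside
dnl MTA.  example.edu, mail-inside.example.edu and the cf.m4 path are
dnl placeholders; adjust for your distribution.
divert(-1)
include(`/usr/share/sendmail-cf/m4/cf.m4')
divert(0)dnl
VERSIONID(`dmz-relay example')dnl
OSTYPE(`linux')dnl

dnl Keep the domain "local" (list it in /etc/mail/local-host-names).
dnl Accepting mail for a local domain is not relaying, so no relay-domains
dnl or access-db RELAY entry is needed for it.
FEATURE(`use_cw_file')dnl

dnl All mail that resolves to a local user is handed to the inside host
dnl instead of being delivered here.  Brackets suppress the MX lookup and
dnl force delivery to that host name.
define(`MAIL_HUB', `esmtp:[mail-inside.example.edu]')dnl

dnl Administrative accounts stay on this box so bounces and cron mail do
dnl not depend on the inside host being reachable.
LOCAL_USER(`root')dnl
LOCAL_USER(`postmaster')dnl

dnl SMTP AUTH for off-site users who must relay through this host.
dnl confAUTH_OPTIONS `p' refuses plaintext mechanisms unless the session is
dnl encrypted, so STARTTLS (confSERVER_CERT/confSERVER_KEY) must also be set.
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`confAUTH_OPTIONS', `A p')dnl

dnl Per-host/sender policy (who may connect, who may relay) lives in access db.
FEATURE(`access_db')dnl

MAILER(`local')dnl
MAILER(`smtp')dnl
```

On the inside host the firewall should admit SMTP only from the DMZ relay, and that sendmail needs no relaying at all, since it only performs the procmail/Maildir delivery into home directories.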
.-----------------------------------.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`-----------------------------------'
