Some of the posts on this thread (and others) seem to be referring to
the mail server receiving the mail from the outside as the "firewall".
Actually a mail server that receives mail and then passes the mail on
to the internal mail server for further processing should probably be
called a mail proxy server because it has about the same functionality
as a web proxy server.
Of course you could run mail software on a firewall depending on what
kind of platform and OS you run your firewall on, but it�s not
recommended from a security point of view. The more services you run
on your firewall, the more vulnerable you make it.
What I would recommend is a separate mail server to receive mail
outside your firewall (or in the DMZ), and forward that mail to your
mail server with all the accounts, inside the firewall. The theory
being that if someone invades your "proxy" mail server, your internal
mail server isn�t bothered (it just stops being able to receive and
send mail to the outside).
=== Al
--- Felix von Leitner <[EMAIL PROTECTED]> wrote:
> Thus spake Jean Caron ([EMAIL PROTECTED]):
> > First question, I have to move my mail server behind my firewall (it was
> > in front until now). My goal is to have the firewall accept all mail for
> > the domain, and forward "everything" "as is" to the mail server, inside.
> > A dumb relay, is all I need.
>
> Don't do that.
> It degrades performance and reliability and increases the complexity of
> the system and with that the risk for security problems.
>
> If what your signature is right, i.e. that you are working on network
> optimization, than you should see why this is a bad idea.
>
> Felix
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
