On Wed, 8 Nov 2006 14:43:16 +0000, "Kristian Davies"
<kristian.davies@???> wrote:
>1) SMTP gateway sits in the DMZ for the company and forwards mail
>through a pinhole to the email server in the inside network and vice
>versa. The gateway might deal with spam and av issues.
That one is what I'd do. If webmail from external is desired, put a
reverse proxy in the service network[1].
A different approach would be to have the mail server itself on a
service network, probably with an e-mail gateway and/or a reverse web
proxy on a different service network. That one would reduce the risk
of a compromised web mail service posed to the internal network.
Greetings
Marc
[1] I refuse to use the word DMZ since everybody uses it and nobody
knows what it used to mean and it does not have a clear meaning
nowadays any more. A service network is a firewalled network housing
services with a security level in between the Internet and the
internal network.
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
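
The layout discussed in this message (SMTP gateway and reverse proxy in a service network, pinholes to the internal mail server) can be checked against observed or exported firewall flows. The following is an added example, not part of the original post; all addresses, the webmail port 443 and the names used are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, documentation ranges only).
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "service": ip_network("192.0.2.0/24"),  # firewalled service network
}
MAIL_SERVER = ip_address("10.0.0.25")    # mail server on the inside
SMTP_GATEWAY = ip_address("192.0.2.25")  # SMTP gateway (spam/AV filtering)
WEB_PROXY = ip_address("192.0.2.80")     # reverse proxy for external webmail

# The only flows allowed to cross the internal boundary: (src, dst, tcp port).
PINHOLES = {
    (SMTP_GATEWAY, MAIL_SERVER, 25),  # inbound mail relayed by the gateway
    (MAIL_SERVER, SMTP_GATEWAY, 25),  # outbound mail ("and vice versa")
    (WEB_PROXY, MAIL_SERVER, 443),    # webmail; port is an assumption
}

DIRECT = "direct Internet access to internal network"
NO_PINHOLE = "service-to-internal flow outside the pinholes"
SMTP_BYPASS = "outbound SMTP bypassing the gateway"

def zone_of(addr):
    """Map an address to its zone; anything unknown is the Internet."""
    return next((n for n, net in ZONES.items() if addr in net), "internet")

def audit(flows):
    """Return (src, dst, port, reason) for flows that violate the design."""
    findings = []
    for src, dst, port in flows:
        s, d = ip_address(src), ip_address(dst)
        zs, zd = zone_of(s), zone_of(d)
        if zs == zd:
            continue  # intra-zone traffic never crosses the firewall
        if zd == "internal" and zs == "internet":
            findings.append((src, dst, port, DIRECT))
        elif zd == "internal" and (s, d, port) not in PINHOLES:
            findings.append((src, dst, port, NO_PINHOLE))
        elif zs == "internal" and port == 25 and (s, d, port) not in PINHOLES:
            findings.append((src, dst, port, SMTP_BYPASS))
    return findings

# Constructed sample flows: the first three match the design, the rest do not.
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.25", 25), ("192.0.2.25", "10.0.0.25", 25),
    ("192.0.2.80", "10.0.0.25", 443), ("198.51.100.7", "10.0.0.25", 25),
    ("192.0.2.80", "10.0.0.40", 445), ("10.0.0.40", "203.0.113.9", 25),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```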