Re: [exim] OT: General question about dmz and email gateways

Top Page
Delete this message
Reply to this message
Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [exim] OT: General question about dmz and email gateways
On Wed, 8 Nov 2006 14:43:16 +0000, "Kristian Davies"
<kristian.davies@???> wrote:
>1) SMTP gateway sits in the DMZ for the company and forwards mail
>through a pinhole to the email server in the inside network and vice
>versa. The gatway might deal with spam and av issues.


That one is what I'd do. If webmail from external is desired, put an
reverse proxy in the service network[1].

A different approach would be to have the mail server itself on a
service network, probably with an e-mail gateway and/or a reverse web
proxy on a different service network. That one would reduce the risk
of a compromised web mail service posed to the internal network.

Greetings
Marc

[1] I refuse to use the word DMZ since everybody uses it and nobody
knows what it used to mean and it does not have a clear meaning
nowadays any more. A service network is a firewalled network housing
services with a security level in between the Internet and the
internal network.

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834