From: Adrian Bolzan (no email)
Date: Wed Jan 02 2002 - 22:15:44 EST
On 2 Jan 2002 at 8:42, Ralf Hildebrandt wrote:
> On Wed, Jan 02, 2002 at 06:00:46PM +1000, Adrian Bolzan wrote:
>
> > My boss has asked me to minimise contact between the internet and the
> > internal network (understandable).
>
> For that, you can use Postfix as "quasi"-SMTP proxy.
>
yes, i suppose so, although i thougt to install something lighter, such as
"smtp-proxy", but I have given (below) a network design that uses
postfix as the quasi-proxy.
> > Regarding e-mail, he thought that a smtp proxy would assist in this,
> > although I realised that (a) it would be another server that could fail,
> > need maintainance, etc.; and (b) postfix is very secure, as is linux (or
> > can be).
>
> Well, you COULD use OpenBSD instead :)
>
> > sounds good, and this will fit in well with our new anti-virus set up.
>
> Be sure not to expose the SMTP listener of the Antivirus gateway
> directly to the internet.
>
thanks for that tip. There has been some comment on the fact that anti-
virus software does not run in a chrooted jail, and runs as root.
i think a set up such as:
For in:
Internet --> Postfix (Header/body matching, on DMZ)
--> Postfix + Antivirus (on DMZ)
--> Groupware server (Internal)
and then out:
Groupware server (internal) --> Postfix + Antivirus (on DMZ)
--> Postfix (Header/body matching, on DMZ)
--> Internet
should be a good solution.
thanks for the advise,
adrian
> Ralf Hildebrandt (Im Auftrag des Referat V A)
> Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155
> Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916
> All data leaves a trail. The search for data leaves a trail. The erasure of
> data leaves a trail.The absence of data, under the right circumstances, can
> leave the clearest trail of all. -- Dr. Kio Masada
>
> -
> To unsubscribe, send mail to with content
> (not subject): unsubscribe postfix-users
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|