Re: Email server+network architecture

• Previous message: Ivan Coric: "Re: PIX config , pls advice"
• In reply to: dataclaus1@hushmail.com: "Email server+network architecture"
• Next in thread: Chris Berry: "Re: Email server+network architecture"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Jan 2003 13:40:18 -0500 (EST)
From: Michael Osten <mosten@bleepyou.com>
To: dataclaus1@hushmail.com

>
> I can set up a 'corporate' mail server Inside (and no external linkage)without much trouble. But then the external-permitted people have to manage two accounts, one for inside and one for external mail (since those having external mail are some of the least computer savvy, this is not the best answer).

Set up forwarding rules for the people that access mail externally so that
all mail is forwarded to the correct mail server.

It gets messy, but it looks like things around there are messy any due to
policy.

>
> Research indicates that putting a mail server Inside and then configuring a conduit through our firewall is the least preferable option, as compromise would allow Inside access.
>

Uh? Maybe, but you've got to get mail in and out right? just set the
tightest set of access rules you can think of. I would assume that there
are "open" ports on your firewall currently right?

> We don't want to place the server in the DMZ because then we'd have to permit smtp/POP3 to all users outside, and this does not meet the 'no customer data Outside' criteria.

that is completly untrue. Bind the service to a particuliar interface, or
restrict access based on netbock.

• Next message: John_Buhler@notes.tcs.treas.gov: "Re: Associating Windows Processes to TCPIP Ports?"
• Previous message: Ivan Coric: "Re: PIX config , pls advice"
• In reply to: dataclaus1@hushmail.com: "Email server+network architecture"
• Next in thread: Chris Berry: "Re: Email server+network architecture"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]