Mail server security - best practices?



Okay, here's what I have:

A four-legged firewall with public interface (fxp0), private client
interface (fxp1), private server interface (sis0), and public server
interface (sis1). I am going to be running qmail, apache, and BIND on
the public server. The private server is running courier-imap and
fetchmail and is also where all of my private files are kept. It is
only accessible from the outside via chrooted OpenVPN.

The question is, how to divvy up the public services? Right now, the
plan is to run mail and DNS on one machine and web and DNS on the
other. Ideally, I'd like for the incoming mail to not "live" on the
public server but to be delivered to the private one, but that, to me,
defeats the purpose of having public/private servers. The only way I
can think to do it would be to have the private server export the home
directories via NFS so that the email server could deliver the messages
to the user's home directories.

Any ideas?
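One way to enforce the segmentation the post describes on the four-legged firewall, as an added example (not from the poster or any reply): a pf ruleset that uses the post's interface names, assumes constructed addresses for the two servers, and assumes fetchmail on the private server pulls mail over POP3 (port 110), so the public server never needs to initiate a connection into the private legs.

```pf
# Added example, not from the original post: a pf ruleset for the
# four-legged firewall described above. Interface names are the post's;
# the addresses are constructed placeholders.
ext_if   = "fxp0"   # public leg (Internet)
clients  = "fxp1"   # private client LAN
priv_srv = "sis0"   # private server leg (courier-imap, fetchmail, files)
pub_srv  = "sis1"   # public server leg (qmail, apache, BIND)

pub_host  = "192.0.2.10"   # constructed: public server
priv_host = "10.0.1.10"    # constructed: private server
vpn_port  = "1194"         # OpenVPN default port (assumed)

set skip on lo0
block log all                 # default deny on every leg, both directions
pass out all keep state       # the firewall's own outbound traffic

# Internet -> public server: only the services that host is meant to run.
pass in on $ext_if proto tcp to $pub_host port { 25, 80 } flags S/SA keep state
pass in on $ext_if proto { tcp, udp } to $pub_host port 53 keep state
# Internet -> private server: nothing except the OpenVPN listener.
pass in on $ext_if proto udp to $priv_host port $vpn_port keep state

# The public server never initiates anything toward the private legs
# (an NFS export from the private server would need a hole right here).
block in quick on $pub_srv from $pub_host to { $priv_host, $clients:network }
# It may resolve names and relay outbound mail, nothing else.
pass in on $pub_srv proto { tcp, udp } from $pub_host to any port 53 keep state
pass in on $pub_srv proto tcp from $pub_host to any port 25 flags S/SA keep state

# Private server pulls mail from the public host (fetchmail over POP3,
# port 110 assumed); replies ride the state entries created above.
pass in on $priv_srv proto tcp from $priv_host to $pub_host port 110 \
    flags S/SA keep state

# Private clients: IMAP on the private server, plus general Internet access.
pass in on $clients proto tcp to $priv_host port 143 flags S/SA keep state
pass in on $clients from $clients:network to ! $priv_host keep state
```

With the default floating state policy, a state created by a `pass in` rule also matches the packet as it leaves on the other leg, which is why no per-leg `pass out` forwarding rules are needed.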
