Architecting a 2-level mail system

Michael Torrie torriem at chem.byu.edu
Sat Aug 13 09:13:41 MDT 2005


Here's something on topic for a change.  I hope that this also won't
turn into a days long flame war.

Here is my situation.  I currently have a large mail server sitting in
the DMZ.  We would like to have the option of delivering mail (and
storing IMAP folders) in users' home directories in their main file
space.  Mounting the file server through the firewall into the DMZ is
not acceptable.  

So to accomplish this same effect, I was thinking about having two mail
servers, one in the DMZ and one in the trusted zone that has the file
server mounted.  Mail will be filtered, anti-spammed, and virus scanned
in the DMZ, and then passed via LMTP or even normal SMTP to the inside
mail server where individual procmail recipes will be run and mail
delivered to home directories in Maildir format.

The outside mail server must allow smtp auth so that people outside the
department can still relay mail through our servers.  Also mail sent
from the inside must, due to external security reasons, go through our
outside mail server.

IMAP and POP will simply be proxied through to the inside.

Has anyone set up something like this before?  Is my idea sound at all?

<flame retardant suit on/>Our inside mail server will be sendmail, and
because of its milter capabilities which make filtering so much nicer
than any other MTA, I'm thinking about running Sendmail on the outside
server too.  qmail is not an acceptable option, so don't mention
it.<flame retardant suit off/>  The only thing I don't know how to do
currently is tell sendmail to accept mail for local delivery, but then
forward it on to the trusted mail server rather than deliver it.

Michael

-- 
Michael Torrie <torriem at chem.byu.edu>



More information about the PLUG mailing list