[Kroupware] Some questions

Martin Konold martin.konold at erfrakon.de
Wed Nov 19 01:58:36 CET 2003


Am Tuesday 18 November 2003 10:06 am schrieb Andreas Gungl:

Hi Andreas,

> Our network has a DMZ with a mail server inside. Access is made via SMTP
> (sendmail is running) and POP3. We intend to place the Kolab server inside
> our intranet (then using IMAP and SMTP to postfix). The existing server
> should work as a proxy only. Does somebody run a similar configuration and
> what are the common pitfalls in the setup?

Such a configuration is very much recommended. Basically the smtp proxy in the 
DMZ forwards all legal incoming mail to the Kolab server in the intranet. 
Often it is also a good idea to scan for viruses and do some anti-spam 
precautions in the DMZ already.

The Kolab server uses the proxy server as a relay host while the proxy has 
transport rules which point at the Kolab server. Authorized client networks 
are defined by the mynetworks parameter. The default is to authorize all 
clients in the IP subnetworks that the local machine is attached to. 

E.g. on the proxy Erfrakon uses the following transport entries 
	erfrakon.de     smtp:[mail.hq.erfrakon.de]:25
	.erfrakon.de    smtp:[mail.hq.erfrakon.de]:25
	erfrakon.com    smtp:[mail.hq.erfrakon.de]:25
	.erfrakon.com   smtp:[mail.hq.erfrakon.de]:25
and our Kolab server has the following relay setting in main.cf
	relayhost = 193.197.159.57


There is no need to rewrite the email addresses as mentioned in another replay 
to your question.

BTW: For security reasons I recommend to use something else than sendmail as a 
proxy.

Regards,
-- martin

Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de



More information about the Kroupware mailing list