[Kroupware] Some questions
Martin Konold
martin.konold at erfrakon.de
Wed Nov 19 01:58:36 CET 2003
Am Tuesday 18 November 2003 10:06 am schrieb Andreas Gungl:
Hi Andreas,
> Our network has a DMZ with a mail server inside. Access is made via SMTP
> (sendmail is running) and POP3. We intend to place the Kolab server inside
> our intranet (then using IMAP and SMTP to postfix). The existing server
> should work as a proxy only. Does somebody run a similar configuration and
> what are the common pitfalls in the setup?
Such a configuration is very much recommended. Basically the smtp proxy in the
DMZ forwards all legal incoming mail to the Kolab server in the intranet.
Often it is also a good idea to scan for viruses and do some anti-spam
precautions in the DMZ already.
The Kolab server uses the proxy server as a relay host while the proxy has
transport rules which point at the Kolab server. Authorized client networks
are defined by the mynetworks parameter. The default is to authorize all
clients in the IP subnetworks that the local machine is attached to.
E.g. on the proxy Erfrakon uses the following transport entries
erfrakon.de smtp:[mail.hq.erfrakon.de]:25
.erfrakon.de smtp:[mail.hq.erfrakon.de]:25
erfrakon.com smtp:[mail.hq.erfrakon.de]:25
.erfrakon.com smtp:[mail.hq.erfrakon.de]:25
and our Kolab server has the following relay setting in main.cf
relayhost = 193.197.159.57
There is no need to rewrite the email addresses as mentioned in another replay
to your question.
BTW: For security reasons I recommend to use something else than sendmail as a
proxy.
Regards,
-- martin
Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de
More information about the Kroupware
mailing list