Secure mail setup - Best practice
I'm in the process of setting up a new mailsystem for a small network.
The network is protected by a firewall(Astaro ASG), with 2 connected networks, LAN and DMZ. Initially we planed to have a SMTP relay located in the DMZ that was accessible from the internet by port 25 (SMTP). The mail relay should relay all incoming mail to a Zimbra server on the LAN, and the internal Zimbra server would relay all outbound email through the SMTP relay in the DMZ. In other words, the internal Zimbra server has NO direct connection with mailserver on the internet. All traffic is limited to the two mail servers, and port 25 (SMTP)
Is this best practice, and will this be sufficient to protect the internal Zimbra server? Are there any other things that could be done to protect the mailserver? Would it be better to have the Zimbra server located in the DMZ as well, and enable clients on the LAN to connect either via POP/IMAP and https? This way there would be no hole from the DMZ and inbound to the LAN.
Any ideas or feedback about these kinds of setups would be appreciated
Last edited by andy.l; 04-05-2010 at 02:23 PM.