Hi

I'm about to deploy a new firewall based on Astaro Linux. This firewall have the option to function as a smtp mail relay for my internal mailserver for all incoming mail. At first this seems like a nice setup, but wouldn´t this be a potential security risk? This would make my firewall vulnerable for DOS attacks on port 25. The normal setup would be to put a smtp relay in the DMZ and have that relay all incoming mail to my internal mailserver.
Are there any one who has experience with using a firewall/UTM as both firewall and SMTP relay for incoming and outgoing mail.

/A

It's not specific to running a relay or the MTA connected directly or in a DMZ. Basically a DoS can happen to any exposed device be it a router, MTA or firewall. If you read the SMTP relay section help of Astaro Linux Firewall you'll get an overview of the risks the relay protects against. AFAIK DoS is not among those because that's a play between you and your service provider. One way to have redundancy slash somewhat mitigate an email DoS situation could be to run the main MTA yourself and run each of your backup MXes (you do have backup MX records, right?) at a different provider.

1 members found this post helpful.

Let us know if http://www.linuxquestions.org/questi...actice-800175/ supersedes this question. No need to keep n threads alive on aprox the same topic.

The new one superseeds this, så we can close this one.

Next time please report it using the Report button on your original post.