Quote:
Originally Posted by andy.l
wouldn´t this be a potential security risk? This would make my firewall vulnerable for DOS attacks on port 25.
|
It's not specific to running a relay or the MTA connected directly or in a DMZ. Basically a DoS can happen to any exposed device be it a router, MTA or firewall. If you read the SMTP relay section help of Astaro Linux Firewall you'll get an overview of the risks the relay protects against. AFAIK DoS is not among those because that's a play between you and your service provider. One way to have redundancy slash somewhat mitigate an email DoS situation could be to run the main MTA yourself and run each of your backup MXes (you
do have backup MX records, right?)
at a different provider.