Mail server using VMware: SMTP gateway in the DMZ and mail servers on the LAN
I'm looking for help both from LinuxQuestions and VMware forums since I'm not sure which place would be best to look. I'm setting up a Sendmail server on top of FreeBSD and have read that it's a good security practice to place the SMTP gateway in the DMZ and the mail servers in the LAN. I would like to know if anyone has any experience doing this with VMs, one in the DMZ and one on the LAN.
As for possible security issues, I know that it could be possible to compromise the DMZ VM and possibly get to the LAN VM, but I think the risk is low as VM security is still decently high. Would I be better to use 2 separate boxes?
If you mean you have two separate network connections into a single VMware server instance with a vSwitch for each NIC, one for LAN and one for DMZ, then in theory you're fine, but it's pretty ugly to be using different security zones on a single platform. Your DMZ systems would be much more likely to be physical machines and not VMs for various security reasons. If you are looking for better security then I would often put low-level security zone separation before best practices of SMTP traffic.
Depending on your security architecture, many Linux/BSD-based firewall distros, e.g. SmoothWall, pfSense, IPCop, Astaro, can provide the SMTP gateway functionality within a security device, which might be a simpler way to get what you're alluding to.
Last edited by acid_kewpie; 12-13-2008 at 03:00 PM.