LinuxQuestions.org


Charles Daniel 10-26-2004 10:21 AM

Postfix setup help
 
After spending considerable time trying to config sendmail, I said forget it. So I downloaded postfix. It was easier to get up and running as a local server, but what I want is to send smtp over the internet to my clients.

What I have is a proxy server running squid and a web server on different linux machines. The proxy being (192.168.1.1) and the web server (APACHE) on 192.168.1.4.
What I propose is to set up postfix as an Email gateway server on the proxy machine and have the actual Postfix smtp server on the web server box.

I've gone through the documentation at the Postfix site and I think I have a general idea as to what to do. Can anyone point me to a better source with maybe some example config of what I'm trying to do? I always like to consult more than one source when I find myself in murky water. There is always someone who can explain a problem better than the next guy.

From what I read so far it seems like postfix as a gateway server forwards smtp (outgoing mail) to recipients over the net but can forward incoming mail to my pop3 server as well. If I'm wrong about that then you can see at least one area where I am confused.

Any advice will be appreciated.

Thanks

TruckStuff 10-26-2004 10:25 AM

$this != security related

Charles Daniel 10-30-2004 10:46 PM

After spending some time researching this subject I discovered that the Gateway/Email configuration of postfix is supposed to run on a bastion host. The purpose of this configuration is to isolate the actual internal network smtp server from the internet.

As postfix is acting as an integral part of a firewall, I don't see how you can deem such a usage as not being security related.

I guess what I'm trying to say is that people who don't know what they are talking about shouldn't post.

:mad:

neilman 10-31-2004 07:19 AM

So, to be clear, you're trying to set up an SMTP server for you and your friends, so that they can send outbound email through your SMTP server, correct?

Charles Daniel 10-31-2004 12:24 PM

No, this setup is for security reasons. One postfix is to run on a bastion host and is supposed to relay outbound mail to "CUSTOMERS" (as in business clients). The bastion instance should only accept smtp from the smtp server on my internal lan. It should not even accept smtp from any of my internal hosts except for the internal smtp server. This will prevent spammers from taking control of my smtp server.

A second postfix server will be running on the internal network. It has a two-fold purpose. Namely, to relay mail between internal clients on my network and secondly to relay mail that is internet bound to the postfix instance running on the bastion host. The postfix instance running on the bastion host will then relay mail that is internet bound to the appropriate destination over the internet.

Like this:

Internet <-- Postfix (bastion) <-- Postfix (internal) <--> Internal Network

This should not be difficult to understand, since such configs are typical in modern firewalls and DMZs. That's why I find it frustrating that people on the forum would think this is not security related. But I guess that's old hat. So back to your question.

The postfix instance on the bastion simply acts as an internet forwarder/proxy for the actual smtp server on my internal network. In this way the internal smtp server can be isolated from exploits over the internet which may give an attacker access to my internal network where databases and clients' personal information might be stored.

This way if the attacker successfully exploits the postfix server running on the bastion, then this will only give him access to an unprivileged user on the bastion host. If the hacker's goal is to get to my internal servers, then he would have to crack into an account on the bastion host with root privs. Then he would have to get through yet another firewall to get to my internal lan.

In closing I must say that what I have just described is extremely security related. And if people on this forum are willing to dismiss such a discussion, which is typical of firewall construction, as "not being security related", then I guess that's why I haven't been able to get an answer to my question.
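
The relay policy described in this thread (bastion accepts SMTP only from the internal Postfix, internal Postfix forwards internet-bound mail to the bastion) can be checked against a `main.cf`. The following is an added example, not part of any post: the `main.cf` fragments and function names are constructed for illustration, the addresses 192.168.1.1 (bastion) and 192.168.1.4 (internal server) are the ones given in the thread, and the relay decision is a simplified model of `permit_mynetworks`, not Postfix's own logic.

```python
import ipaddress
import re

# Constructed main.cf fragments (assumptions, not from the thread). The
# addresses are the thread's: bastion 192.168.1.1, internal server 192.168.1.4.
BASTION_LOOSE = """
mynetworks = 127.0.0.0/8 192.168.1.0/24
smtpd_recipient_restrictions = permit_mynetworks, reject
"""
BASTION_TIGHT = """
# only loopback and the internal Postfix may hand mail to the bastion
mynetworks = 127.0.0.0/8
    192.168.1.4/32
smtpd_recipient_restrictions = permit_mynetworks, reject
"""
INTERNAL = """
mynetworks = 127.0.0.0/8 192.168.1.0/24
relayhost = [192.168.1.1]
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def networks(params):
    """mynetworks as ip_network objects (literal CIDR/host entries only)."""
    entries = [e for e in re.split(r"[,\s]+", params.get("mynetworks", "")) if e]
    return [ipaddress.ip_network(e) for e in entries]

def may_relay(params, client_ip):
    """Simplified model: relaying is allowed only via permit_mynetworks."""
    rules = params.get("smtpd_recipient_restrictions", "")
    ip = ipaddress.ip_address(client_ip)
    return "permit_mynetworks" in rules and any(ip in n for n in networks(params))

def audit_bastion(params, internal_mta):
    """Return mynetworks entries that trust more than loopback + internal_mta."""
    ok = ipaddress.ip_network(internal_mta)
    return [str(n) for n in networks(params) if not n.is_loopback and n != ok]
```

Postfix 2.10 and later also evaluate `smtpd_relay_restrictions`, which this model does not read, and `mynetworks` entries that point at lookup tables are not handled.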


All times are GMT -5.