Hi, Stefan Suurmeijer wrote:

> Maybe I'm reading this too simply, but isn't it easier to have sendmail relay mail to your internal net? Keep the DMZ machine as main MX for your domain, have it receive the mail, and then alias all your users to the machine on the internal net. That would mean all external mail would arrive at the DMZ machine, which would accept it and then forward it to your internal net. Then you only need to allow that connection through your firewall.

But then you need an open port from the DMZ into your internal net. I don't think that this is a good idea. If your DMZ's mail server is compromised, your internal net could be compromised in an easy way. (Normally you would have the same mail server, same version, with the same bug in your internal net.) With no open ports from the DMZ to the local net, this should be harder. (I guess you can at least lock out script kiddies.) Wouldn't it be possible to write a script on the internal mail server which fetches the mail, and run a cron job every couple of minutes to get the mail?

> Minimum hassle, no double user accounts. In fact, your DMZ machine wouldn't even need user accounts.
>
> good luck
> Stefan
>
> BTW: POP sucks. Try APOP or IMAPS.

Sven
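The pull-based scheme Sven describes (internal mail server polls the DMZ box from cron, no inbound port from the DMZ), combined with Stefan's suggestion to use IMAPS rather than plain POP, as an added example that is not part of the original thread. The DMZ host name, the drop account, the password file path and the sendmail path are assumptions; the sample messages and the fake mailbox at the bottom are constructed so the fetch loop can be exercised offline.

```python
"""Pull-based mail collection: the internal mail server polls the DMZ
mailbox over IMAPS every few minutes and hands each message to the
local MTA, so the firewall needs no rule from the DMZ into the
internal net at all. Added example, not from the original thread."""
import imaplib
import ssl
import subprocess
import sys
from email import message_from_bytes
from email.utils import parseaddr

DMZ_HOST = "mx.dmz.example.net"             # assumed: the DMZ MX
DMZ_USER = "maildrop"                       # assumed: one drop account, no shell
DMZ_PASSWORD_FILE = "/etc/mailpull/passwd"  # assumed: root-owned, mode 0600
SENDMAIL = "/usr/sbin/sendmail"             # assumed: local MTA injection path


def deliver_local(raw):
    """Inject one raw message into the local MTA with sendmail -t, which
    takes the recipients from the message header. Returns the exit status."""
    sender = parseaddr(message_from_bytes(raw).get("From", ""))[1] or "postmaster"
    return subprocess.run([SENDMAIL, "-i", "-f", sender, "-t"],
                          input=raw, check=False).returncode


def pull_mailbox(client, deliver=deliver_local, mailbox="INBOX"):
    """Fetch every message in `mailbox` from an imaplib.IMAP4-like client
    that is already logged in, hand each to `deliver`, and delete it on
    the DMZ only once delivery succeeded. Returns (delivered, left)."""
    typ, _ = client.select(mailbox)
    if typ != "OK":
        raise RuntimeError("cannot select " + mailbox)
    typ, data = client.search(None, "ALL")
    if typ != "OK":
        raise RuntimeError("search failed")
    delivered = left = 0
    for num in data[0].split():
        typ, parts = client.fetch(num, "(RFC822)")
        if typ != "OK" or not parts or not isinstance(parts[0], tuple):
            left += 1
            continue
        if deliver(parts[0][1]) == 0:
            client.store(num, "+FLAGS", "\\Deleted")
            delivered += 1
        else:
            left += 1          # stays on the DMZ box; the next cron run retries it
    client.expunge()
    return delivered, left


def main():
    """Cron entry point, e.g. */5 * * * * on the internal mail server."""
    ctx = ssl.create_default_context()      # verifies the DMZ server certificate
    with open(DMZ_PASSWORD_FILE) as f:
        password = f.read().strip()
    with imaplib.IMAP4_SSL(DMZ_HOST, 993, ssl_context=ctx) as client:
        client.login(DMZ_USER, password)
        delivered, left = pull_mailbox(client)
    print("delivered %d, left on DMZ %d" % (delivered, left))
    return 0 if left == 0 else 1


# Constructed stand-in for the DMZ mailbox so the loop can be tried offline.
SAMPLE_MESSAGES = [
    b"From: alice@example.org\r\nTo: bob@internal.example.net\r\n"
    b"Subject: hello\r\n\r\nfirst message\r\n",
    b"From: carol@example.org\r\nTo: dave@internal.example.net\r\n"
    b"Subject: report\r\n\r\nsecond message\r\n",
]


class FakeDmzMailbox:
    """Minimal imaplib.IMAP4 look-alike that holds the constructed messages."""
    def __init__(self, messages):
        self.messages = dict(enumerate(messages, 1))
        self.deleted = set()

    def select(self, mailbox):
        return "OK", [str(len(self.messages)).encode()]

    def search(self, charset, *criteria):
        return "OK", [b" ".join(str(n).encode() for n in sorted(self.messages))]

    def fetch(self, num, parts):
        n = int(num)
        body = self.messages[n]
        return "OK", [(b"%d (RFC822 {%d}" % (n, len(body)), body), b")"]

    def store(self, num, cmd, flags):
        self.deleted.add(int(num))
        return "OK", [None]

    def expunge(self):
        for n in self.deleted:
            self.messages.pop(n, None)
        self.deleted.clear()
        return "OK", [None]


def demo(fail_second=False):
    """Run the pull loop against the fake mailbox; with fail_second the
    second delivery fails, showing that the message stays on the DMZ."""
    box = FakeDmzMailbox(SAMPLE_MESSAGES)
    seen = []

    def record(raw):
        seen.append(raw)
        return 1 if (fail_second and len(seen) == 2) else 0

    delivered, left = pull_mailbox(box, deliver=record)
    return delivered, left, len(box.messages)


if __name__ == "__main__":
    sys.exit(main())
```

The point of the design is that the only connection is opened from the internal side, outbound to port 993 on the DMZ host, and the DMZ account is a pure drop box with no shell; a message is expunged on the DMZ only after the local MTA accepted it, so a transient local failure just leaves it for the next cron run.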