You should run a secure mailserver in your DMZ such as postfix on a completely stripped down box. You can also chroot postfix easily (no local delivery eh) and only the master program (30k or so) runs as root (and if that's flawed I'd be pretty surprised).

If you are super paranoid there are ways to pull the mail from internally, however there are some issues with this:

fetchmail: reasonably complicated, has had flaws, adding complexity means more room for bugs which means more things to attack

UUCP: you can do this over the network you know, of course uucp has a pretty bad track record (prolly safe but I wouldn't do it)

spool mail up into a single file then use something like ftp/rsync to pull it: delays, complicated, etc.

If I had to do this I'd go with a postfix based relay in the DMZ, have it forward on to the internal mail server. Way less maintenance too (fetchmail, gyeah). If I was really paranoid and had money I'd use an airgap server between the DMZ and internal LAN such as:

http://www.whalecommunications.com/fr_0200.htm

So ends today's lesson =). Goodnight and drive safely.

Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
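A relay-only Postfix configuration of the kind the post recommends (chrooted, no local delivery, forwarding to the internal server), as an added example that is not part of the original post. The names example.com, relay.example.com and mail.internal.example.com are placeholders, the paths are assumed Postfix defaults, and smtpd_relay_restrictions assumes Postfix 2.10 or later.

```cfg
# ---- /etc/postfix/main.cf on the DMZ relay (constructed example) ----
myhostname = relay.example.com
myorigin = example.com

# No local delivery: the relay holds no mailboxes of its own.
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled

# Accept mail only for our own domain. Anything else is refused,
# so the box cannot be abused as an open relay.
relay_domains = example.com
mynetworks = 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# Reject unknown recipients at the edge instead of accepting the
# message and bouncing it later (backscatter).
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Where accepted mail goes next.
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/relay_recipients (then: postmap relay_recipients) ----
# One line per valid internal address; the right-hand side is ignored.
alice@example.com   OK

# ---- /etc/postfix/transport (then: postmap transport) ----
# Square brackets suppress the MX lookup and deliver to the named host.
example.com   smtp:[mail.internal.example.com]

# ---- /etc/postfix/master.cf ----
# The fifth column is chroot: "y" confines smtpd to the queue directory.
# The master daemon itself still runs as root.
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       y       -       -       smtpd
# Comment out the "local" service entry: nothing is delivered locally.
```

After editing, `postfix check` reports permission and file problems, and `postconf -n` lists the non-default settings actually in effect.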