On Sat, 6 Jan 2001 suse@diplan.de wrote:
thanks first.
actually my thoughts trouble more about having the Email of the company lying "around" on the DMZ server. Wouldn't it be just better to get it away into the internal net as soon as possible?
Secondly to get the Email by POP I have to have the user accounts on the machine, including the pop password which is the default unix password on that machine. Being able to forward the received mail immediately to my internal server in a secure way I could get rid of that possible problem. Users could then get the mail from the internal server. Of course I want to keep my receiving sendmail on the DMZ.
rainer
--
Maybe I'm reading this too simple, but isn't it easier to have sendmail relay mail to your internal net?? Keep the dmz machine as main MX for your domain, have it receive the mail, and then alias all your users to the machine on the internal net. That would mean all external mail would arrive at the dmz machine, which would accept it and then forward it to your internal net. Then you only need to allow that connection through your firewall. Minimum hassle, no double user accounts. In fact, your dmz machine wouldn't even need user accounts. good luck Stefan BTW: POP sucks. try apop or imaps