All, I have a question regarding running a webmail client. I'm asked to make our users that have their mail on our internal IMAP based e-mailserver (Cyrus running on Solaris 8) able to check their mail through a secure webinterface from outside the company. Obviously this is a security risk for us and I'd like to get some input on what your experience is on this matter. This is what our network currently looks like: ------------------ ------------ | Firewall/Gateway | | Mailserver | ISP----| SuSE Linux 7.1 |--- Internal LAN---| | | | (192.168.1.0/24) | Solaris 8 | ------------------ ------------ This is a pretty simple setup, we also have a couple of external sites for which I run an IPSEC tunnel to using the gateway. The gateway will also be responsible for relaying SMTP mail from the outside to the mailserver which is located on the Internal LAN. The machine running the mailserver has quite a bit of sensitive information stored in addition to the e-mail which is served over NFS. What I was thinking about doing is this: ------------------- ------------ | Firewall/Gateway | | Mailserver | ISP----| SuSE Linux 7.1 |--- Internal LAN---| | \ |IP Masq for Int LAN| (192.168.1.0/24) | Solaris 8 | \ ------------------- ------------ \ | / SMTP/HTTP | ------- IMAP -------- \ | / SMTP \ | / ---------------- | DMZ Webserver | | SMTP gateway | | SuSE Linux 7.3 | ---------------- So I would allow SMTP and HTTP traffic between external hosts and the webserver on the DMZ network. IMAP traffic would only be allowed between the mailserver and the DMZ webserver. SMTP traffic to the mailserver would only be allowed from the DMZ host, not directly from the Internet. I can imagine cases where this would break, but an external hacker would really have to mess up the DMZ webserver to be able to attack the NFS exported storage on the mailserver. Obviously the mail is not going to be better protected then the users username/password pair. I have entered HTTP in the pictures but in reality I would use HTTPS for users entering the password for the mailserver. The software on the mailserver would be apache with mod_ssl and the webserver software would be squirrelmail which is based on php scripts. Regardning the SMTP software I was planning to use sendmail though I hear a lot of people recommending postfix instead. I'm not to concerned about sendmail configuration, I have resonably succesful being able to have sendmail do what I ask it to do. I also haven't heard about too many security flaws in sendmail (recent versions) where an external attacked could do harm (I would obviously not allow users to login to the gateway or on the DMZ host). Is it really worth learning a new SMTP MTA (postfix) for what it brings that sendmail doesn't have ? Any input appreciated ! Thanks Daniel Nilsson
attacked could do harm (I would obviously not allow users to login to the gateway or on the DMZ host). Is it really worth learning a new SMTP MTA (postfix) for what it brings that sendmail doesn't have ?
postfix was designed to make it easy for those who are shifting from sendmail. I was running sendmail for two years and shifting to postfix was very simple since they tried to reatin as much of the usual sendmail configuration files as possible though the actual operation is different and of course there is no complicated sendmail.cf to edit. Otherwise you can do an ipsec tunnel between the dmz web server and the mail server and of course use ssl. Noah.
participants (2)
-
Daniel Nilsson
-
ksemat@wawa.eahd.or.ug