Hello!

I want to establish the following systems:

A first firewall is set up to protect the DMZ and the internal LAN from the WEB.
A second firewall including an E-Mail-Filter and Proxies protects the LAN from the DMZ.

My domain host can only deliver E-Mails if I request them with POP3. The E-Mail-Filter needs E-Mails sent by SMTP. So I want to place a Linux-Box in the DMZ that gets all E-Mail from two providers and delivers them directly to the SMTP-Filtersystem on the 2nd firewall. This is thought to check for Virus, Spam etc and to send the filtered E-Mail to the internal Server.

My problem: I do not have any idea on how to configure the Linux box in the DMZ to automatically poll the E-Mail by POP3, approx. every 10 minutes, and to send this directly to the Filter-System. It needs to send ALL received E-Mail to the filter.

Sadly I don't have much time to do research on this and that's why I ask you for help:

Does anybody have a sample configuration for me or can tell me the source of a documentation on the web?

Thank you for your answers, passed to ingo@doerrie-net.de in advance.

Have a nice Easter Time!

Greetz, Ingo

Ingo Doerrie wrote:
[mail filter which only works via smtp question]

> Does anybody have a sample configuration for me or can tell me the source of a documentation on the web?

First of all, your setup is a little bit oversized maybe: You can put a Mailserver into your DMZ which receives mails for some Domains if you need and fetches mails with fetchmail from your two pop3 boxes. So all mail will be centralized on your DMZ Mailserver.

On the mailserver run Postfix with amavis as content filter. All mail coming from the internet, no matter if via smtp or fetchmail (fetchmail will reinject the mail via smtp to localhost:25 or anything else you specify), or sent from your LAN through the mailserver will be scanned for viruses (and if you use amavisd-new for spam).

Then you just allow from inside your LAN mail connections to your mailserver into the DMZ and nothing else. That will protect your LAN from viruses, your users can filter out spam and you don't need to set up two mailservers (and protect your LAN better, because if you allow your DMZ Mailserver to send mails into your LAN, everyone who compromises your DMZ Mailserver will probably be able to break into your LAN, too!)

> Thank you for your answers, passed to ingo@doerrie-net.de in advance.

done.

HTH and happy easter,
Sven

On Sunday 20 April 2003 16:16, Ingo Doerrie wrote:
> Hello!
>
> I want to establish the following systems:

<snip>

> My problem: I do not have any idea on how to configure the Linux box in the DMZ to automatically poll the E-Mail by POP3, approx. every 10 minutes, and to send this directly to the Filter-System. It needs to send ALL received E-Mail to the filter.

I use a cron job to collect all emails every 10 mins using fetchmail, and with the smtp server on that box configured to send it to your filtered center. (If that is the way you want it set up.) I use only one box for the collection, filtering, checking for virus & delivering.

> Sadly I don't have much time to do research on this and that's why I ask you for help:
>
> Does anybody have a sample configuration for me or can tell me the source of a documentation on the web?
>
> Thank you for your answers, passed to ingo@doerrie-net.de in advance.
>
> Have a nice Easter Time!
>
> Greetz, Ingo

--
A child of five would understand this. Send someone to fetch a child of five.
Groucho Marx
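
The collector both replies describe (fetchmail run from cron every 10 minutes, polling two POP3 mailboxes and re-injecting everything by SMTP), as an added example that is not from any poster in the thread. The provider hosts, account names, passwords, `lan.example`, the local user and the rc-file path are placeholders.

```shell
#!/bin/sh
# Added example: generate a fetchmailrc for the DMZ collector box.
# Every host name, account, password and path below is a placeholder.
#
# crontab entry for the unprivileged collector account (poll every 10 minutes):
#   */10 * * * * fetchmail --silent --fetchmailrc /etc/fetchmail/dmz.rc

# write_fetchmailrc RCFILE FILTER_HOST
#   RCFILE       where to write the configuration
#   FILTER_HOST  SMTP listener of the filter (or "localhost" for a local
#                Postfix with a content filter, as in Sven's variant)
write_fetchmailrc() {
    rcfile=$1
    filter=$2
    # The file holds the POP3 passwords and fetchmail refuses to use it
    # when other users can read it, so create it with mode 0600.
    (
        umask 077
        cat > "$rcfile" <<EOF
# Log through syslog; send error mail to the postmaster instead of
# bouncing it to (possibly forged) envelope senders.
set syslog
set no bouncemail
set postmaster "postmaster"

# fetchall: retrieve every message, also ones already marked as seen.
# no keep:  delete from the provider only after the SMTP hand-over succeeded.
# smtphost: deliver to the filter by SMTP instead of the default localhost.
# Add the "ssl" option to a poll entry if the provider offers POP3 over TLS.
poll pop.provider-one.example proto pop3
    user "mailbox1" password "CHANGE-ME-1" is "ingo" here
    smtphost $filter smtpaddress lan.example
    fetchall no keep

poll pop.provider-two.example proto pop3
    user "mailbox2" password "CHANGE-ME-2" is "ingo" here
    smtphost $filter smtpaddress lan.example
    fetchall no keep
EOF
    )
}

# Usage: write_fetchmailrc /etc/fetchmail/dmz.rc filter.dmz.example
```

If a transient SMTP error from the filter occurs, fetchmail leaves the message on the POP3 server and retries it on the next run, so the filter sees all mail.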

participants (3)
- Ian David Laws
- Ingo Doerrie
- Sven 'Darkman' Michels