Two things, well several things, really. You need more than one mail server,
or you need a store-and-forward mx in case your mail server goes down.
Second, I'd make sure you put antivirus and spam guards on the mail server,
and that it's beefy enough to handle the traffic. A good split is to put a
bastion mail server doing antivirus and spam checks, but no user verification
outside the firewall (or inside a non-natting firewall), and have him just
forward everything to a secure mail server inside. Put the secure mail
server with a non-routable ip, and the bastion mail server with one public
ip, and one non-routable, to talk to the secure mail server. Make sure both
mail servers are up-to-date and kept up to date patchwise. Run NO other
services (except maybe ssh) on either server.
On Monday 24 October 2005 10:29, Mark wrote:
> Can anyone who has done it comment on the downside (if any) of bringing
> email in-house, as opposed to continuing to pay a hosting provider? My plan
> is to have a separate server, sitting by itself in the DMZ, so the internal
> LAN should remain relatively safe. The DSL provider we use will host the
> DNS records (MX). We have a top-notch firewall already in place, but this
> is the first step we've taken toward making anything available inbound, so
> I'm cautiously optimistic.
>
> --
> Mark
> [unwieldy legal disclaimer would go here - feel free to type your own]
|
--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
john@×××××.net
--
gentoo-user@g.o mailing list
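
The bastion/secure split described in the reply above, written as an audit check. This is an added example, not part of the original message: it assumes "non-routable" means RFC 1918 space, that listener data comes from `ss -Htln`, and the role names, addresses and sample output are constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_PORTS = {25, 22}  # SMTP, plus ssh ("except maybe ssh")

def non_routable(addr):
    """True if addr lies in an RFC 1918 range (assumed meaning of non-routable)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def listening_ports(ss_output):
    """Extract TCP listening ports from `ss -Htln` lines (4th field is addr:port)."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            ports.add(int(fields[3].rpartition(":")[2]))
    return ports

def audit(role, addrs, ss_output):
    """Return findings for one host; an empty list means it matches the layout."""
    findings = []
    private = [a for a in addrs if non_routable(a)]
    public = [a for a in addrs if not non_routable(a)]
    if role == "secure" and public:
        findings.append(f"secure server has routable address(es): {public}")
    if role == "bastion" and (len(public) != 1 or len(private) != 1):
        findings.append(f"bastion needs one public and one non-routable address, has {addrs}")
    extra = sorted(listening_ports(ss_output) - ALLOWED_PORTS)
    if extra:
        findings.append(f"unexpected listening ports: {extra}")
    return findings

# Constructed sample data (not from the post). 203.0.113.10 is a documentation
# address standing in for the bastion's single public IP.
BASTION_SS = """\
LISTEN 0 100 203.0.113.10:25 0.0.0.0:*
LISTEN 0 128 10.0.0.2:22 0.0.0.0:*
"""
SECURE_SS = """\
LISTEN 0 100 10.0.0.3:25 0.0.0.0:*
LISTEN 0 128 10.0.0.3:22 0.0.0.0:*
LISTEN 0 80 10.0.0.3:3306 0.0.0.0:*
"""

if __name__ == "__main__":
    print("bastion:", audit("bastion", ["203.0.113.10", "10.0.0.2"], BASTION_SS) or "OK")
    print("secure:", audit("secure", ["10.0.0.3"], SECURE_SS) or "OK")
```

The constructed secure host is flagged for a stray listener on port 3306, the kind of extra service the reply says to keep off both machines.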