| 1 |
Two things, well several things, really. You need more than one mail server, |
| 2 |
or you need a store-and-forward mx in case your mail server goes down. |
| 3 |
Second, I'd make sure you put antivirus and spam guards on the mail server, |
| 4 |
and that it's beefy enough to handle the traffic. A good split is to put a |
| 5 |
bastion mail server doing antivirus and spam checks, but no user verification |
| 6 |
outside the firewall (or inside a non-natting firewall), and have him just |
| 7 |
forward everything to a secure mail server inside. put the secure mail |
| 8 |
server with a non-routable ip, and the bastion mail server with one public |
| 9 |
ip, and one non-routable, to talk to the secure mail server. Make sure both |
| 10 |
mail servers are up-to-date and kept up to date patchwise. Run NO other |
| 11 |
services (except maybe ssh) on either server. |
| 12 |
On Monday 24 October 2005 10:29, Mark wrote: |
| 13 |
> Can anyone who has done it comment on the downside (if any) of bringing |
| 14 |
> email in-house, as opposed to continuing to pay a hosting provider? My plan |
| 15 |
> is to have a separate server, sitting by itself in the DMZ, so the internal |
| 16 |
> LAN should remain relatively safe. The DSL provider we use will host the |
| 17 |
> DNS records (MX). We have a top-notch firewall already in place, but this |
| 18 |
> is the first step we've taken toward making anything available inbound, so |
| 19 |
> I'm cautiously optimistic. |
| 20 |
> |
| 21 |
> -- |
| 22 |
> Mark |
| 23 |
> [unwieldy legal disclaimer would go here - feel free to type your own] |
| 24 |
|
| 25 |
-- |
| 26 |
John Jolet |
| 27 |
Your On-Demand IT Department |
| 28 |
512-762-0729 |
| 29 |
www.jolet.net |
| 30 |
john@×××××.net |
| 31 |
-- |
| 32 |
gentoo-user@g.o mailing list |
Archives