
Re: postfix mail server



On Tue, Jan 15, 2008 at 11:27:06AM +0100, Stephane Durieux wrote:
> Building a mail server for 200/300 users (able to grow
> till a thousand) and as a newbie I need some advice
> 
> My choice has turned to postfix with virtual mailboxes,
> courier-imaps, squirrel mail (https), postgrey and
> dspam spam, amavis and clamav against virus, iptables
> for undesired packets.
> 
> The "framework" is this one :
> all on the mail server except squirrelmail 
> 
> The problem is that someone has advised me to put
> instead a front device with squirrelmail with iptables
> and squirrelmail with a ssh tunnel to smtp and imap
> services 
> 
> But I don't really understand the gain of that
> framework in terms of security or performance 

For CPU power, it could all be on one box.  For drive space, it could
all be on one box although that depends on the box.  For security, think
of it this way.  If it is all on one box, then you have all that open to
the internet.  The more stuff on a firewall, the more potential security
bugs to be exploited.  If you can afford to set up for this many users,
you can afford a simple box as a firewall.  The size of the firewall
depends on the speed of the internet connection.  The firewall is the
"iptables" stuff.  Assuming that you have total control over the network
between the firewall and the mail box, I don't see the need for an ssh
tunnel between the two.

This way, your mail server doesn't have to get bogged down handling port
scans, and other internet detritus.  Also, should that firewall be
compromised, at least initially your mail server isn't compromised.

As for iptables, shorewall is an easy yet powerful way to set that up.

Doug.
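
The layout described in the reply above, a dedicated iptables box in front of the mail server, as an added example that is not part of the original message. The interface names, the 192.168.10.2 address, the published ports (25 and 993) and the LAN-only ssh rule are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Interface names and addresses are constructed assumptions.
WAN_IF="${WAN_IF:-eth0}"            # faces the internet
LAN_IF="${LAN_IF:-eth1}"            # private segment holding the mail server
MAIL_IP="${MAIL_IP:-192.168.10.2}"  # mail server (postfix + IMAP over TLS)
MAIL_PORTS="${MAIL_PORTS:-25,993}"  # the only services published

# Emit an iptables-restore ruleset for the firewall box.
# Forwarding also needs net.ipv4.ip_forward=1 on this host.
mail_fw_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp -m multiport --dports $MAIL_PORTS -j DNAT --to-destination $MAIL_IP
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $MAIL_IP -p tcp -m multiport --dports $MAIL_PORTS -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_IP -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_IP -p udp --dport 53 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_IP -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Ports reachable from the internet, read back out of the ruleset.
published_ports() {
    mail_fw_rules | sed -n 's/^-A PREROUTING .*--dports \([0-9,]*\) -j DNAT.*/\1/p'
}

# Default policy of a filter chain (INPUT or FORWARD); both should be DROP,
# so port scans die on the firewall and never reach the mail server.
filter_policy() {
    mail_fw_rules | sed -n '/^\*filter$/,/^COMMIT$/s/^:'"$1"' \([A-Z]*\) .*/\1/p'
}

# "sh thisfile --print | iptables-restore" loads the rules (as root).
if [ "${1:-}" = "--print" ]; then mail_fw_rules; fi
```

Nothing on the firewall itself listens on the internet side, and the mail server is reachable only on the two published ports.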

