Gerald Mattison wrote:
>
>
> Questions
> ---------
> 1) Can mail be routed from a server with a
> routable internet address to a server inside
> a LAN?
>
Yes, there are ways to do this, provided you use sendmail.
As already pointed out, use mailertable.
Use virtusertable, similar to the above but more modern.
Use the aliases mechanism.
There may be others I am not aware of.
However, if you use a method other than aliases, note that
the internal mail hub will require a way to recognize that forwarded
mails are indeed legitimate mail relay, if the internal mail server
is (also) sendmail.
> 2) If it cannot be routed, is the next best
> approach to use something like POP3?
>
I don't know whether using an MDA between the DMZ and the internal LAN is the
-next-best- approach. But it bears its own virtue, simplicity.
And simplicity is almost always the best friend of security.
That said, you have a couple of elements to consider.
MDAs are constantly honorable members of the top vulnerability lists.
Messages stay on the DMZ for a (short ?) duration.
There is a variety of authentication methods, weak and strong.
An MDA may have preferences on MUA and MTA, and vice versa.
O.k., the bare minimum to use such an MDA would be: make sure the service
ports are accessible only to internal hosts.
horio shoichi
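
The mailertable approach named in the reply above, sketched as an added example that is not part of the original message. The domain example.com, the internal address 10.0.0.25 and the /etc/mail paths are assumptions (constructed placeholders and common default locations); the `# ---` lines only mark which file each fragment belongs to.

```conf
# --- DMZ relay: sendmail.mc (m4 source; rebuild sendmail.cf after editing) ---
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl

# --- DMZ relay: /etc/mail/mailertable ---
# Format: domain <whitespace> mailer:destination
# Square brackets make sendmail skip the MX lookup and connect to that host directly.
example.com     esmtp:[10.0.0.25]

# --- DMZ relay: /etc/mail/relay-domains ---
# Accept mail addressed to this domain even though it is not delivered on the relay itself.
example.com

# --- DMZ relay: rebuild the map after every mailertable change ---
# makemap hash /etc/mail/mailertable < /etc/mail/mailertable

# --- Internal hub: /etc/mail/local-host-names (read when FEATURE(`use_cw_file') is set) ---
# One way to have the hub treat the forwarded domain as its own and deliver it locally.
example.com
```

The firewall between the DMZ and the LAN then only needs to allow TCP port 25 from the relay to 10.0.0.25, with no inbound SMTP from the internet to the internal hub.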