Hi Everyone,
 
I have set up a mail server (on a VM) as per this article:
 
http://workaround.org/ispmail/lenny
 
I wish to host this server for a customer. However, I don't think it's "best 
practice" to simply place the whole VM in a DMZ and port forward to it. My 
question is, what should I do and what should I "split up"? The networks I have 
available to me are:
 
- Public Subnet (Has external IPs)
- DMZ Subnets (Highly secure subnet with limited access to other hosts. Ports 
are forwarded to DMZ servers for incoming services, and outbound access from 
these DMZ servers is strictly limited to a "need-to" basis)
- LAN Subnet (Speaks for itself)
 
I do believe that by putting the email server VM in the DMZ, if it were to get 
compromised, I feel that the DMZ firewall rules would give the rest of my 
network protection. However, it's game over for my customers' emails though!
 
Any help or advice on how I could "split" things up would be appreciated.
 
Thanks
