If you secure your daemons properly, it is not insecure to give
customers direct access to the server. Even if they don't have direct
access to the server's IP, they are still able to talk to the server
using inherently insecure protocols like SMTP, IMAP, POP3, etc.
If you are running an ISP email system, then most likely you will have
multiple SMTP/IMAP/POP3 servers to handle the load. As the customer
will be on their network, any privatized addresses will be available
to the customer anyway. Most ISPs will use a small range of IPs to
handle their mail needs. Or one per server. This is to help facilitate
the fact that customers will eventually get your addresses
blacklisted by other mail providers. If you use just 1 IP for everyone,
then everyone is completely out of luck, and in addition to the mess
you have to clean up, your phone will be ringing off the hook.
I think I've found a better solution to my problem:
My setup will have these components:
"Central Database" created by PostfixAdmin, which all the components can
use.
"Customer Servers" which will run Postfix and Dovecot
"SMTP-In" mx server, for receiving mail from the public and forwarding
them to the correct customer server using transport maps
"SMTP-Out" server, for customers to authenticate with and send out
emails to the internet
"IMAP Proxy", for customer to connect to, to retrieve their email. This
will run Perdition and is able to proxy IMAP requests to the correct
customer server.
PostfixAdmin can be used for administration.
I guess that since all the customer servers would be using the same
database, they would have the potential to accept mail for all
customers, but I guess that since the SMTP port for those boxes isn't
open to the public, that will never happen, right?
I'm hoping that my above solution will spread the load.
What do you think?
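
An added configuration sketch, not part of the original posts, for the question above about customer servers that share one database: each customer server accepts SMTP only from the SMTP-In host and only for the domains routed to it, so the restriction does not rest on the firewall alone. Assumptions: the hostnames, the address 192.0.2.10, the file paths and the database account are placeholders, and the `transport` column of PostfixAdmin's `domain` table is assumed to hold each domain's customer server.

```ini
# ---- SMTP-In (public MX): /etc/postfix/main.cf ----
# Relay only for domains present in the central database, and route each
# one to its customer server via the transport map.
relay_domains  = mysql:/etc/postfix/mysql_relay_domains.cf
transport_maps = mysql:/etc/postfix/mysql_transport.cf

# ---- SMTP-In: /etc/postfix/mysql_transport.cf ----
hosts    = db.example.net
user     = postfix_ro
password = CHANGE_ME
dbname   = postfix
# Assumed to return a value such as  smtp:[cust1.example.net]
query    = SELECT transport FROM domain WHERE domain='%s' AND active='1'

# ---- Customer server cust1: /etc/postfix/main.cf ----
# Accept SMTP connections only from the SMTP-In host, independent of
# whatever the network firewall allows.
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/smtp_in.cidr,
    reject
# Treat as local only the domains routed to this box, even though the
# shared database lists every customer's domains.
virtual_mailbox_domains = mysql:/etc/postfix/mysql_local_domains.cf

# ---- Customer server cust1: /etc/postfix/smtp_in.cidr ----
# Address of the SMTP-In host (placeholder from the documentation range)
192.0.2.10/32   OK

# ---- Customer server cust1: /etc/postfix/mysql_local_domains.cf ----
hosts    = db.example.net
user     = postfix_ro
password = CHANGE_ME
dbname   = postfix
query    = SELECT domain FROM domain WHERE domain='%s' AND active='1'
           AND transport='smtp:[cust1.example.net]'
```

Giving each server a read-only database account keeps a compromised customer server from modifying the shared PostfixAdmin tables.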