We run a Linux box (LRP) as a firewall on our office network. Currently
ports 25 and 110 are portforwarded to an internal server which runs qmail
(on RedHat 7.0).
Is there any point in setting up a forwarding-only version of qmail (perhaps
using QMTP?) on the firewall box, or on a separate box in say a DMZ? I know
a 'mail proxy' like this is recommended for Sendmail in some network
security books, and if we did it then the internal box would have no ports
open to the outside world*, but with qmail's inherent security, is it
necessary?
*although as I type this I'm guessing that POP3 would still need to go
through to the internal server due to the user's home directories being on
there
Comments appreciated,
Regards
John
