July 28th, 2004, 03:00 AM
what's the logical place in the network for email server
i want to configure a debian email server & web server (on one machine) should this have a public ip on my DSL modem or should it be inside of my 192.168.0.* network and then i configure port forwarding from there
July 28th, 2004, 03:49 AM
well if you have it inside your network, you should have more security because of your router.......
if it is outside your lan, it will be open completely to the public, unless you install a firewall.....
July 28th, 2004, 05:43 AM
I second that, keep it in the network. It accomplishes the same thing anyway. You will use the same IP to get to it. What were you thinking of doing? Putting it in the DMZ? I use port forwarding for all my services, and it works like a charm. DMZ is unnecessary. Good luck and make sure you're not an open relay :P.
July 28th, 2004, 11:38 AM
heretic ... do you know a good tutorial or url on how to set up a email server and then config it to outlook clients
July 28th, 2004, 04:15 PM
Did you already decide what MTA you'll be running? Do you want to use all the features of outlook? Do you want the email to stay on the server (IMAP) or downloaded to the client (POP3)?
Experience is something you don't get until just after you need it.
July 28th, 2004, 07:18 PM
i really don't have enough experience to judge which is prefereble .. imap/pop3 although i know of these 2 (protocols - right????). whichever one is easier to configure. i installed sendmail & imap packages on my mandrake machine ... this gave me smtp & pop3 ports open, but because of lack of configuration the outlook could only see the servers but couldn't connect. mandrake has really weird file system and all the tutorials i could find had crucial files in different location.
so which is better/easier for out look.. imap/pop3??? (i thought it can handle most)
but i guess i would perfer for email to stay on the server
any tutorials... please... please
should i use qmail instead of (what i hear) old dinosaur sendmail
July 29th, 2004, 03:53 AM
The ideal setup (for a corporate environment for example) is to have a mail relay/filter in the dmz and have the actual mail server (where the e-mails are stored) in the protected network.
That said, this kind of setup requires more hardware, etc. and is often not an option.
For a simple mail server setup, it's best to have it reside in the dmz, and filter everything besides smtp and (if allowing access from the internet) pop3/imap (ideally encrypted) from the net to the server, only smtp from the server to the internet, and pop3/imap and smtp from the private net to the server. Just to state it explicitly, you should not allow anything from the dmz to the private network: the purpose of the dmz is to have a buffer zone where you allow public services but where if the server that service/server was to be compromised, would not give the attacker access to internal hosts.
For example, if you decide to setup your mail server inside your private network and forward port 25 to that internal server, if an exploit came up for your server software, and it were compromised, all your internal hosts would be in reach of the attacker because he then has your mail server for stepping stone...
Credit travels up, blame travels down -- The Boss