Maybe this is an ignorant question, but I'm not afraid of admitting my own ignorance... why not just have one Zimbra server in the DMZ which handles the whole load? If you have a DMZ, that obviously means you have some level of packet filtering, DNAT/SNAT, etc. available to you in your firewall/router, so just restrict what ports are routed from the public (or private) networks to your server and you should be fine. If I'm missing something from a security perspective, what is it that you are trying to accomplish by having your main Zimbra server on the LAN that you couldn't do with properly-designed packet filter rules in the DMZ?
As to your proxy question, I do not think that one Zimbra machine could act as proxy to a second Zimbra machine as you are describing. I believe you would have to set up a separate proxy server on your DMZ to accomplish this.
__________________
Cheers,
Dan