 Re:
Well, the truth is that I had not thought about that... Until now we have the mailhub with mailboxes in our LAN because it's supposed to be the most secure zone; if the DMZ host is compromised (it's offering some more services, as http), a possible attacker could get access to every personal message. This is the scenario we try to avoid using two different servers in two different networks... I suppose if the DMZ host is really secured this should not be an issue, but... who is really secure nowadays? :-) |