01-09-2009, 10:18 AM
dwmtractor
Moderator

Quote:
Originally Posted by milesteg
Well, the truth is that I had not thought about that... Until now we have the mailhub with mailboxes in our LAN because it's supposed to be the most secure zone; if the DMZ host is compromised (it's offering some more services, such as HTTP), a possible attacker could get access to every personal message.
Remember, a DMZ is a network, not just a host. You could have multiple servers on the DMZ and (assuming a sufficiently advanced firewall/router) still not allow one compromised machine to talk to another. Packet filtering and DNAT/SNAT both provide for even tighter lockdown. Sure, if your Zimbra machine is compromised, it's possible that the hacker would have access to your messages, but if you only allow ports 25, 443 (even 80), and maybe the secure IMAP/POP ports, access from the outside--even a compromised machine could be pretty tough to control.

Quote:
Originally Posted by milesteg
This is the scenario we try to avoid using two different servers in two different networks... I suppose if the DMZ host is really secured this should not be an issue, but... who is really secure nowadays? :-)
True of course, but as I pointed out above, it's not merely the security of your host that is an issue. Proper routing/firewall configuration provides a pretty substantial level of security on top of that.

I'm not saying that the further level of a mail server inside the LAN is not even more secure--obviously it is. I am questioning, rather, if that level of security is necessary. And if it is, I would recommend instead that your users who need webmail access from outside could first access your LAN via a secure VPN (good firewalls now offer SSL VPN instead of PPTP or L2TP even), then check their mail over the VPN.
__________________
Cheers,

Dan
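The lockdown described in the post above, sketched as an nftables ruleset. This is an added example, not part of the original post or thread. The interface names, the 10.0.1.10 address, the LAN and outbound rules, and the layout in which each DMZ server sits on its own firewall port or VLAN (so that server-to-server traffic actually crosses the firewall) are all assumptions.

```nftables
# Constructed example: interface names and addresses are assumptions.
define WAN      = "wan0"
define LAN      = "lan0"
define DMZ_MAIL = "dmz0"      # port/VLAN carrying only the Zimbra host
define DMZ_WEB  = "dmz1"      # port/VLAN carrying the other DMZ server
define ZIMBRA   = 10.0.1.10

table ip dmzfw {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # DNAT: only SMTP, HTTP(S), IMAPS and POP3S are published to Zimbra
        iifname $WAN tcp dport { 25, 80, 443, 993, 995 } dnat to $ZIMBRA
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # SNAT: outbound traffic leaves with the firewall's WAN address
        oifname $WAN masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Outside -> Zimbra on the published ports only
        iifname $WAN oifname $DMZ_MAIL ip daddr $ZIMBRA tcp dport { 25, 80, 443, 993, 995 } ct state new accept

        # LAN users -> Zimbra on the same ports
        iifname $LAN oifname $DMZ_MAIL ip daddr $ZIMBRA tcp dport { 25, 80, 443, 993, 995 } ct state new accept

        # Zimbra -> outside: outbound SMTP and DNS, nothing else
        iifname $DMZ_MAIL oifname $WAN ip saddr $ZIMBRA tcp dport 25 ct state new accept
        iifname $DMZ_MAIL oifname $WAN ip saddr $ZIMBRA meta l4proto { tcp, udp } th dport 53 ct state new accept

        # DMZ -> DMZ and DMZ -> LAN: never allowed; log before the drop
        iifname { $DMZ_MAIL, $DMZ_WEB } oifname { $DMZ_MAIL, $DMZ_WEB, $LAN } log prefix "dmz-lateral " drop
    }
}
```

With the default-drop forward policy, a compromised DMZ server cannot open new connections to the other DMZ server or to the LAN, and each attempt shows up in the log under the `dmz-lateral` prefix.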