
Thread: external DMZ server, relaying on only valid recipients to Zimbra

  1. #1
    stephanhughson (Junior Member)

    Hi,

    We have a server in our company DMZ (plain Ubuntu 8.10 with Postfix, no Zimbra). It speaks to the outside world for us and the Zimbra server stays within our normal network.

    Is there any way to make Postfix on our "relay" server check against the Zimbra server for an access list of allowed recipients? My guess is that this is commonly asked, but I couldn't find it on a search. Sorry if this has come up before...

    If anyone has done it, what method did you use?

  2. #2
    uxbod (Moderator)

    Well, you have two possible options: 1) dynamically check LDAP on your remote ZCS server for valid recipients; 2) create a dump of your ZCS user accounts using zmprov and ship it to your front-end MTA. Which would you like to do? Pros/cons with both of them.

  3. #3
    stephanhughson (Junior Member)

    Thanks. Here are the good/bad points I can think of for each. If anyone can think of more, or finds that I'm wrong, please let me know.

    Option 1)

    Might not work if the Zimbra server became unavailable (although Postfix could likely be told to check the access list, then deliver anyway if the list returned an "I don't know" or timeout error)

    Might need ports opened between the DMZ and the Zimbra server inside the normal network.

    Could be a little slower, but I doubt it would be anything worth thinking about.

    Would update right away when a user was added/removed from Zimbra.

    Option 2)

    Would definitely work if the Zimbra server was offline.

    Might be faster.

    Would only update as fast as the cron job that ran it told it to update.

    Both options)

    Would need me to get a list of distribution lists, aliases and any other e-mail addresses that weren't user accounts as well as the list of users.


    I think I'll go with option 2. Probably setting up authorised keys so that the Zimbra server can scp or rsync the list of users across to the DMZ server via cron.

    If anyone has any advice before I go ahead or has already done this, please let me know.

    Thanks again.

  4. #4
    uxbod (Moderator)

    Have a read through How can I get a list of all "account alias" ? as that should help in getting the information.

  5. #5
    stephanhughson (Junior Member)

    Thanks very much for that link. I've done it and it's working very nicely.
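
A sketch of option 2 as run on the DMZ relay, added here as an example and not taken from any poster's setup: it turns a shipped address dump into a Postfix lookup table and refuses to install one that looks truncated. The function names, the `example.com` domain, the minimum-count threshold and the sample addresses are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Input: one address per line, assumed
# to be the accounts, aliases and distribution lists dumped on the Zimbra
# host (for instance with zmprov) and copied to the DMZ relay.
# Constructed sample dump, including junk a real export might carry.
sample_dump() {
    printf '%s\n' 'alice@example.com' 'Bob@Example.com' 'bob@example.com' \
        'sales-list@example.com' 'spam@other.test' 'not an address'
}

# build_relay_map DOMAIN MIN < dump > table
# Emits "address OK" lines for a Postfix lookup table. Exits 1 and prints
# nothing when fewer than MIN addresses are valid, so an empty or truncated
# dump cannot replace a good table and make the relay reject everyone.
build_relay_map() {
    tr 'A-Z' 'a-z' | tr -d '\r' | sort -u |
    awk -v d="$1" -v min="$2" '
        { n = split($0, p, "@") }
        n == 2 && p[2] == d && p[1] ~ /^[a-z0-9._+-]+$/ { keep[++k] = $0 }
        END {
            if (k < min) exit 1
            for (i = 1; i <= k; i++) print keep[i] " OK"
        }'
}

# install_relay_map DUMP TABLE DOMAIN MIN
# Builds beside TABLE, renames into place, then indexes it with postmap.
install_relay_map() {
    tmp="$2.new.$$"
    if build_relay_map "$3" "$4" < "$1" > "$tmp"; then
        mv "$tmp" "$2" && postmap "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on the constructed sample; prints three "... OK" lines.
sample_dump | build_relay_map example.com 3
```

Postfix then consults the table through `relay_recipient_maps` in `main.cf`, for example `hash:/etc/postfix/relay_recipients` (the path is an assumption).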
