Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page external DMZ server, relaying on only valid recipients to Zimbra

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-10-2009, 07:08 AM
Junior Member
  
Posts: 5
Smile external DMZ server, relaying on only valid recipients to Zimbra
Hi,

We have a server in our company DMZ (plain Ubuntu 8.10 with Postfix, no Zimbra). It speaks to the outside world for us and the Zimbra server stays within our normal network.

Is there any way to make Postfix on our "relay" server check against the Zimbra server for an access list of allowed recipients? My guess is that this is commonly asked, but I couldn't find it on a search. Sorry if this has come up before...

If anyone has done it, what method did you use?
Reply With Quote
  #2 (permalink)  
Old 02-10-2009, 08:01 AM
Moderator
  
Posts: 7,928
Default
Well you have to possible options 1) dynamically check LDAP on your remote ZCS server for valid recipient 2) Create a dump of your ZCS user accounts using zmprov and ship it to your front-end MTA. Which would you like to do ? Pros/Cons with both of them.
__________________
Reply With Quote
  #3 (permalink)  
Old 02-10-2009, 08:16 AM
Junior Member
  
Posts: 5
Default
Thanks. Here are the good/bad points I can think of for each. If anyone can think of more, or finds that I'm wrong, please let me know.

Option 1)

Might not work if the Zimbra server became unavailable (although Postfix could likely be told to check the access list, then deliver anyway if the list returned an "I don't know" or timeout error)

Might need ports opened between the DMZ and the Zimbra server inside the normal network.

Could be a little slower, but I doubt it would be anything worth thinking about.

Would update right away when a user was added/removed from Zimbra.

Option 2)

Would definitely work if the Zimbra server was offline.

Might be faster.

Would only update as fast as the cron job that ran it told it to update.

Both options)

Would need me to get a list of distribution lists, aliases and any other e-mail addresses that weren't user accounts as well as the list of users.


I think I'll go with option 2. Probably setting up authorised keys so that the Zimbra server can scp or rsync the list of users across to the DMZ server via cron.

If anyone has any advice before I go ahead or has already done this, please let me know.

Thanks again.
Reply With Quote
  #4 (permalink)  
Old 02-10-2009, 08:22 AM
Moderator
  
Posts: 7,928
Default
Have a read through How can I get a list of all "account alias" ? as that should help in getting the information.
__________________
Reply With Quote
  #5 (permalink)  
Old 02-13-2009, 01:54 PM
Junior Member
  
Posts: 5
Default
Thanks very much for that link. I've done it and it's working very nicely.
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.