Thread: [SOLVED] security security security

  1. #1
    Bart Hostens, Junior Member

    Is driving me nuts.

    I am testing open source ZIMBRA, and I really like it. I am a total beginner but I begin to know the way it works.

    Now I want to give sales people access to the webmail in the most secure way.

    So the first plan was to install 2 servers , 1 internal and 1 in DMZ.
    Only the users created on DMZ can access webmail from outside, the others not...
    But then I have a problem with synchronisation.

    I got a hint by installing only 1 in internal network and install a kind of gateway server in DMZ, but I still have to figure this out.

    What is now the most secure way to give access to webmail from outside the company?

    Help...

  2. #2
    phoenix, Zimbra Consultant & Moderator

    Why not use https and just install one server on a LAN IP behind your NAT router then forward only the necessary ports to that?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Bart Hostens, Junior Member

    is this the most secure way then?

    when we use https then it is port 443 that i have to forward.

    so no server in dmz then?

  4. #4
    phoenix, Zimbra Consultant & Moderator

    Well, you'd need port 25 & 443 plus any submission ports that remote users use (for fat clients) such as port 587. If you want to use a DMZ then look at the Multi-Server Installation Guide in the docs link at the top of this page and see if that suits your needs better. You would be advised to use some form of auditing on your Zimbra server to make sure all is OK (including RootKit hunters etc.) and nothing is there that shouldn't be.

    BTW, what is your company policy or preference for this type of server set-up?
    Regards


    Bill

  5. #5
    Bart Hostens, Junior Member

    Can I use multi user and ldap replication for example?

    But ldap replication is for all users on both servers I suppose..

    You see, I am a bit drowning in all the possibilities...

    The company policy was to install 2 servers, one internally and one in DMZ.

    But I am really afraid for the synchronization between these 2 servers...and the work I will have to control the system

  6. #6
    dave_kempe, Partner (VAR/HSP)

    maybe just install an nginx reverse proxy in the dmz. caters for webmail and imap users.

  7. #7
    Bart Hostens, Junior Member

    I will dive into the documentation to find out

    thx!

  8. #8
    bradrose90, New Member

    Setup one email server and a dmz

    Just create one server and stick it in your DMZ. Open a port on your firewall and direct SMTP traffic to it.
    Open a port web/smtp or both into the DMZ from your trusted.
    Now you can, on an individual basis allow people to send/receive email...

    Good luck.
    Brad

  9. #9
    Bart Hostens, Junior Member

    Thanks for the replies!!

    I found a real expert in linux and he helped me through this.

    We installed apache2 php & mysql

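    changed apache2.conf by adding the following lines:

    # Name and contact address of the proxy host
    ServerName zimbra.example.be
    ServerAdmin root@zimbra.example.be
    RewriteEngine On
    # Forward every request to the internal Zimbra server and rewrite its redirects
    ProxyPassReverse / http://192.168.9.99/
    ProxyPass / http://192.168.9.99/

    <Location />
    order allow,deny
    allow from all
    # Basic authentication against the htpasswd file
    AuthName "only for registered users"
    AuthType Basic
    AuthUserFile "/etc/httpd/passwd.httpd"
    # Not wrapped in <Limit GET>: inside that block the requirement would
    # apply to GET only, leaving POST and other methods unauthenticated
    require valid-user
    </Location>

    we made a passwd.httpd file with username and password in
    htpasswd -c /etc/httpd/passwd.httpd username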

    restarted apache 2 servers

    and it worked!! Now a little fine tuning and it is up and running.

    thanks to the expert, he really taught me well!
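
Apache applies directives placed inside a `<Limit ...>` block only to the methods listed there, so a `require valid-user` wrapped in `<Limit GET>` is not enforced for POST or other methods on the proxied location. The following is an added example, not part of the original thread: a small checker that flags this pattern in a config. The sample config embedded in it is constructed, and the function name and method list are assumptions of the example.

```python
import re

# Constructed sample: Basic auth on a proxied location, wrapped in <Limit GET>.
SAMPLE_CONF = """\
ProxyPass / http://192.168.9.99/
<Location />
AuthType Basic
AuthName "only for registered users"
AuthUserFile "/etc/httpd/passwd.httpd"
<Limit GET>
require valid-user
</Limit>
</Location>
"""

# Methods reported as unprotected when a <Limit> list omits them.
# Apache treats GET as also covering HEAD, so HEAD is not listed separately.
CHECKED_METHODS = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]

OPEN_LIMIT = re.compile(r"<Limit\s+([^>]+)>", re.IGNORECASE)  # not <LimitExcept>
CLOSE_LIMIT = re.compile(r"</Limit>", re.IGNORECASE)
REQUIRE = re.compile(r"require\s+\S", re.IGNORECASE)


def find_limited_auth(conf_text):
    """Return (line_no, covered, unprotected) for each Require inside <Limit>."""
    findings = []
    stack = []  # method lists of the <Limit> blocks currently open
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_LIMIT.match(line)
        if opened:
            stack.append([m.upper() for m in opened.group(1).split()])
        elif CLOSE_LIMIT.match(line):
            if stack:
                stack.pop()
        elif REQUIRE.match(line) and stack:
            covered = stack[-1]
            unprotected = [m for m in CHECKED_METHODS if m not in covered]
            findings.append((line_no, covered, unprotected))
    return findings


if __name__ == "__main__":
    for line_no, covered, unprotected in find_limited_auth(SAMPLE_CONF):
        print(f"line {line_no}: auth required only for {covered}; "
              f"not enforced for {unprotected}")
```

An empty result means no `Require` line sits inside a `<Limit>` block; `<LimitExcept>` blocks are deliberately not flagged.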
