Results 1 to 4 of 4

Thread: Question related to DMZ

  1. #1
    k_k
    k_k is offline Active Member
    Join Date
    Nov 2008
    Posts
    46
    Rep Power
    6

    Default Question related to DMZ

    Hi,

    in our current setup, mail server is connected in internal network as mentioned below :


    internet request --> Firewall --> Network load balancer --> zimbra mail server.


    Our client are using outlook + zimbra web mail.

    below ports are open on internet :
    25
    465
    993
    995
    443 --> for webmail
    80 --> for antivirus update

    We are supporting 1000 users with 2 different domains on single server installation...and may be in future we will migrate to multi-server installation for horizontal scalability.

    Now our architecture team is suggesting to move mail server to DMZ network.
    I gone through few DMZ related post in this forum..

    I just need to understand is this a best practice ? And which things we need to consider as per security aspect ??

    Please help.


    Thanks in advance.

  2. #2
    k_k
    k_k is offline Active Member
    Join Date
    Nov 2008
    Posts
    46
    Rep Power
    6

    Default

    can anyone please guide me for the same ?

  3. #3
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,582
    Rep Power
    57

    Default

    Quote Originally Posted by k_k View Post
    can anyone please guide me for the same ?
    Why not ask your architecture team why they want to do that? As far as I'm concerned putting any server in the DMZ is the same as putting it on an exposed internet IP address and totally insecure, you need to (very) carefully consider what needs to be done. If you don't know what you're doing I'd advise you to get some expert advice on setting-up a server in a DMZ.

    You could also start with some articles from the internet:

    SolutionBase: Deploying a DMZ on your network
    +"best practice" +dmz +"mail server" - Yahoo! Search Results
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    If you are wishing to use a DMZ then go for a multi-server setup and proxy connections through to the backend. I am guessing your architecture team are trying to eliminate an attack vector by moving the server outside of the internal network.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Architecture question related to licensing
    By Brutus I in forum Administrators
    Replies: 3
    Last Post: 10-11-2010, 07:54 AM
  2. Spam question (all related)
    By dlochart in forum Administrators
    Replies: 3
    Last Post: 07-24-2007, 08:58 AM
  3. Multiple Domains Question
    By kristiaan_d in forum Administrators
    Replies: 2
    Last Post: 03-14-2007, 04:38 AM
  4. Zimbra, DMZ or Internal install?
    By jnappi in forum Installation
    Replies: 1
    Last Post: 02-20-2006, 07:29 PM
  5. another SOAP related dumb question...
    By antonio.meireles in forum Administrators
    Replies: 2
    Last Post: 10-17-2005, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •