Multiple Zimbra Server install to satisfy DMZ requirement

[mikeyes]

I have a rather harsh DMZ requirement to satisfy.

I have an internal network and a DMZ network. My existing mailserver is located on the internal network. Inbound connections from the internet on port 80 and 443 are only allowed to the DMZ. Connections from the DMZ to the internal network are not allowed unless the connection is initiated from the internal network.

I want to setup my new mailserver and allow users to access the new server with web and mobile capabilites.

Is there a way with Zimbra to setup a server on the internal network as my main mailserver and setup a "replication" server on the DMZ. Can this be setup so that the main mailserver will initiate the connection with the replication server in the DNZ? If the setup is possible then can my users access either the internal mailserver or access the replication server via their mobile devices and have the system act like it were a single server?

I have ~20 users that will use this system.

Thanks

[premoddev]

Hi Mikeyes,

Install two zimbra servers, one in internal network and one in DMZ in a way, share the LDAP service between these two servers (Zimbra Multi server installation). You can manage these two servers from a single admin console.

Read the multi server installation guide http://www.zimbra.com/docs/ne/4.5.10...stall.5.1.html


Thanks,

#!Premod

[mikeyes]

Quote:

Originally Posted by premoddev

Hi Mikeyes,

Install two zimbra servers, one in internal network and one in DMZ in a way, share the LDAP service between these two servers (Zimbra Multi server installation). You can manage these two servers from a single admin console.

Read the multi server installation guide Multiple-Server Installation


Thanks,

#!Premod

Thank you. The problem with this is message replication will not occur between the two servers. I have done some more research and the functionality (full server replication) I am looking for looks like it will be included in Zimbra version 5.5. I have no idea when that is due out but I might have to wait until then or find a different mail product.

[fernandoflorez]

Sorry i'm not getting you but why do you need 2 servers? Why don't you move your server to DMZ and thats it?

[mikeyes]

Quote:

Originally Posted by __proto__

Sorry i'm not getting you but why do you need 2 servers? Why don't you move your server to DMZ and thats it?

I need the server in the DMZ to do ldap and pop3 polling of external accounts from other mailservers on the internal network. The DMZ cannot communicate with the internal network unless the connection initiates from the internal network. I agree the DMZ restrictions are what limit me but I cannot control them.

If Zimbra could replicate between servers (hopefully available in 5.5) then I could put one server on the internal network and have it do my pop and ldab pulling, then have another server on the DMZ. The two servers would keep in sync and my mobile devices could poll the server in the DMZ.

[fernandoflorez]

If you have servers on your internal network why do you have a DMZ?

Sorry i can't you muc with your problem but i want to understand what do you have, maybe this way i can help you with smth outside zimbra.

[mikeyes]

It is a weird situation and one most people would not be faced with.

In our current situation we have internal existing email servers. They have restrictions placed on them and I do not have full administrative control over them.

My desire was to put in a Zimbra server that would use either IMAP or POP to pull email for the existing email servers into itself. Once on the Zimbra system I would have more control over the email and have the ability to sync with windows mobile devices.

If the DMZ restriction was not in place I would just locate a single Zimbra server in the DMZ and IMAP or POP mail off the internal servers. Because of the DMZ restriction I would have to locate the Zimbra server on the internal network which prevents my windows mobile devices from syncing with the Zimbra server.

What I will probably do is setup a Zimbra server on the internal network and find a way to VPN the windows mobile devices so that they can get to the Zimbra server without using the DMZ. Then if a future version of Zimbra is released that support entire server replication I can put a second Zimbra server in the DMZ and let the windows mobile devices talk directly to the replication server.