Zimbra webmail, separate in a dmz server

[fjmarquez]

Hi friends,

I want configure the webmail part of zimbra on a server in DMZ, separate of all other components. The idea is keep the webmail component apart of all zimbra components, as currently I have squirrelmail.

Does it possible?

I have been reading the multi-server installation guide: http://www.zimbra.com/docs/ne/latest...on_Server.html

but I don't find any relative to a webmail package.

Regards

[phoenix]

Quote:

Originally Posted by fjmarquez

I want configure the webmail part of zimbra on a server in DMZ, separate of all other components. The idea is keep the webmail component apart of all zimbra components, as currently I have squirrelmail.

Does it possible?

The simple answer is, that's not possible.

[fjmarquez]

then, all my mails should be in DMZ for can offer an external webmail service? This is buggy from a security point of view....

[phoenix]

Quote:

Originally Posted by fjmarquez

then, all my mails should be in DMZ for can offer an external webmail service?

Then don't put it in the DMZ.

Quote:

Originally Posted by fjmarquez

This is buggy from a security point of view....

No, it not - put the server in your LAN.

[fjmarquez]

Quote:

Originally Posted by phoenix

Then don't put it in the DMZ.

No, it not - put the server in your LAN.

If I do it, I'm allowing access from external sources directly to my LAN.

The DMZ is designed for hosted services wich can be accessed from remote clients, as a webpage or as a webmail.

If you put the webmail + mailstore in DMZ, you are storing the mails in a "non-secure" area.

If you put the webmail + mailstore in LAN, you are allowing direct access from the world and your LAN, so If your server is compromised, the hacker has access to your internal network.

The mails of users should not be in DMZ. And webmail should not be in LAN...

...

[andy204]

Quote:

Originally Posted by fjmarquez

Hi friends,

I want configure the webmail part of zimbra on a server in DMZ, separate of all other components. The idea is keep the webmail component apart of all zimbra components, as currently I have squirrelmail.

Does it possible?

I have been reading the multi-server installation guide: http://www.zimbra.com/docs/ne/latest...on_Server.html

but I don't find any relative to a webmail package.

Regards

Quote:

Originally Posted by phoenix

The simple answer is, that's not possible.

you can use squirrelmail if you do a setup like this:

squirrelmail -> mailproxy (e.g. perdition) -> zimbra store

if you have multiple backends you need some database / ldap where the mailhost of the user is stored.

kind regards

-andy

[fjmarquez]

Quote:

Originally Posted by andy204

you can use squirrelmail if you do a setup like this:

squirrelmail -> mailproxy (e.g. perdition) -> zimbra store

if you have multiple backends you need some database / ldap where the mailhost of the user is stored.

kind regards

-andy

I want replace squirrelmail, I don't want continue using it, but I don't understand why, an enterprise-level mail system as zimbra doesn't allow this configuration itself.

[andy204]

humm, you are using OSE or NE edition?

if you are using NE then why should that not be possible?

[fjmarquez]

Quote:

Originally Posted by andy204

humm, you are using OSE or NE edition?

if you are using NE then why should that not be possible?

You are saying that is not posible.... I've been reading the doc for multi-server installation and I don't found reference to a webmail component, so I don't know how can I separate the webmail from mailstore.

My idea is:

DMZ: MTA + webmail

LAN/BACKEND: Mailstore and all other components

[andy204]

ah, now i understand.. you want the the complete webmail component on an external server, not just the proxy?

sorry, was a misunderstanding.