Some organizations will require that any data entering
an organization must pass through a proxy server configured in a
De-Militarized Zone (DMZ) that is managed by one or more firewalls. This means
running a copy of the mail server on the public side of the organizations
firewall(s) and having this server pass mail on to the internal mail server
through a private separate
The simplest way to use MailEnable in a DMZ is to simply smarthost the
domains (or entire connector) on the front-end (DMZ) server to the IP address of
the back-end server. The issue here is that the front-end server will pass on
any mail for the smarthosted domains (rather than just those addresses that
have been mapped to mailboxes). As such, any mail sent to bogus addresses will
bounce when the front-end server attempts to deliver them to the back-end server. To
overcome this, the front-end server
would be configured not to generate NDRs or Delivery Delay notifications (under the Properties of the SMTP connector).
The alternative/extension of this is to replicate some of the configuration from the backend server to the front-end server, hence allowing the front-end server to reject attempts to send to invalid domain addresses.
This is achieved as follows:
1. Configure the respective postoffices and domains on the front-end (DMZ) server (Note: do not configure any mailboxes/addresses for the domains).
2. Initially (and periodically) copy the CONFIG\ADDRESS-MAP.TAB file to the front-end server (hence allowing the front-end server to know the addresses configured under the back-end server).
3. Once this is done, the front end server will try to deliver to the local message store (via the postoffice connector). To prevent this, force/relay messages outbound via the SMTP connector. This can be done using the force route utility to force the delivery of local domains to the backend server.
MailEnable cannot authenticate with SMTP through CISCO PIX Firewalls: Article ME020159
How to configure the infrastructure required to host a mail server: Article ME020047
|Product:||MailEnable (All Versions)|
|Keywords:||firewall firewalled dmz back end backend back-end front end front-end dmz de|
|Class:||INF: Product Information|
|Revised:||Wednesday, May 4, 2016|