How to use MailEnable in a Firewalled DMZ / Back-End Server Scenario
SUMMARY
Some organizations will require that any data entering
an organization must pass through a proxy server configured in a
De-Militarized Zone (DMZ) that is managed by one or more firewalls. This means
running a copy of the mail server on the public side of the organizations
firewall(s) and having this server pass mail on to the internal mail server
through a private separate
network.
DETAIL
The simplest way to use MailEnable in a DMZ is to simply smarthost the
domains (or entire connector) on the front-end (DMZ) server to the IP address of
the back-end server. The issue here is that the front-end server will pass on
any mail for the smarthosted domains (rather than just those addresses that
have been mapped to mailboxes). As such, any mail sent to bogus addresses will
bounce when the front-end server attempts to deliver them to the back-end server. To
overcome this, the front-end server
would be
configured not to generate NDRs or Delivery Delay notifications (under the Properties of the SMTP
connector).
The alternative/extension of this is to replicate some of
the configuration from the backend server to the front-end server, hence
allowing the front-end server to reject attempts to send to invalid domain
addresses.
This is achieved as follows:
1.
Configure the respective postoffices and domains on the front-end (DMZ) server (Note:
do not configure any mailboxes/addresses for the domains).
2. Initially (and periodically)
copy the CONFIG\ADDRESS-MAP.TAB file to the front-end server (hence allowing the
front-end server to know the addresses configured under the back-end server).
3. Once this is done, the front
end server will try to deliver to the local message store (via the postoffice
connector). To prevent this, force/relay messages outbound via the SMTP
connector. This can be done using the force route
utility
to force the delivery of local domains
to the backend server.
MORE INFORMATION
MailEnable cannot authenticate with SMTP through CISCO PIX Firewalls: http://www.mailenable.com/kb/content/article.asp?ID=ME020159
How to configure the infrastructure required to host a mail server: http://www.mailenable.com/kb/content/article.asp?ID=ME020047
| Product: | MailEnable (All Versions) |
| Article: | ME020359 |
| Module: | General |
| Keywords: | firewall,firewalled,dmz,back,end,backend,back-end,front,front-end,de |
| Class: | INF: Product Information |
| Revised: | Wednesday, May 4, 2016 |
| Author: | MailEnable |
| Publisher: | MailEnable |
- Mail Server
- Overview
- Features
- Comparisons
- Solutions
- Product Editions
- Feature Matrix
- Webmail Demo
- Video Gallery
- Migrate To MailEnable
- Testimonials