Security Basics mailing list archives

Email server+network architecture


From: dataclaus1 () hushmail com
Date: Mon, 13 Jan 2003 11:48:46 -0800


-----BEGIN PGP SIGNED MESSAGE-----

Fellow list folk:

Situation:  My company is very restrictive on internet and email use.  Only select users are allowed external use, and 
fewer still have unrestricted net access.  Communications (email) with 'customer data' are not permitted outside the 
corporate perimeter, including the DMZ.  We do not wish to have all of our users able to pop3/smtp outside our corporate 
perimeter, even to the DMZ.  We want an email schema as listed below:

Inside<->Inside:      all users
Inside<->Outside:     Only those designated by management

Currently external mail is hosted by our ISP but saving that money would be nice.

Thinking about a topology-based solution presents the following:

I can set up a 'corporate' mail server Inside (and no external linkage) without much trouble.  But then the 
external-permitted people have to manage two accounts, one for inside and one for external mail (since those having 
external mail are some of the least computer savvy, this is not the best answer).

Research indicates that putting a mail server Inside and then configuring a conduit through our firewall is the least 
preferable option, as compromise would allow Inside access.

We don't want to place the server in the DMZ because then we'd have to permit smtp/POP3 to all users outside, and this 
does not meet the 'no customer data Outside' criteria.

It seems I'm between a rock and a hard place.  Have I missed something?  Encryption may be an option, but is not 
implemented currently and we would still require a policy change (read slow Board proposal/approval process) before this 
would be a solution for a DMZ mail server.

Any suggestions as to a topology or other creative solution that would work would be greatly appreciated.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl8EARECAB8FAj4jF4YYHGRhdGFjbGF1czFAaHVzaG1haWwuY29tAAoJEMX8YnuPyP0P
y+wAnjEdzxS5cU76zQvHH22xhxv9JV0aAJ4zLBIJTQyaNscrlpSRKzId947SMw==
=VmcP
-----END PGP SIGNATURE-----



