Hello,
We had to move our mail server from orange to green LAN and now there is a new problem:
In orange there are 2 servers - one Linux for VoIP and a Windows Server for special things. Now I can’t find a way to use our own mail server to relay system mails from these 2 machines to the domain admin. I don’t like pinholes orange→green port 587 to the mail server - or is this paranoid?
At the moment I use an external smart host (web.de) for transmission. Is there a better solution?
Paranoid, especially if you restrict the machines which can use the pinhole.
I don’t know the environment, the reason for that network setup and why the mail server has been moved from a reasonable place (it is actually accessible from RED/WAN, so using ORANGE/DMZ is a sensible choice)…
However
While IPFire defines it as a “pinhole” (which I usually consider a port forwarding), in my opinion this is a “simple” firewall rule.
You could use some rate limiting rules or relaying constraints on the mail server…
I find it a bit useless/wasteful to set up a VPN between your servers and your mail server (tunneling SMTPS traffic… inside your network? I mean…), and NATting/port-forwarding to the mail server delivers a less tailored policy (firewall rules could be created for server IP addresses or an IP address group…)
Again… I don’t know the reasons behind this network structure.
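As an added illustration of the relay constraints and per-host rate limiting suggested above (not from this thread; it assumes the GREEN mail server runs Postfix, and the two ORANGE addresses are placeholders), this is what the mail-server side of a "pinhole restricted to two machines" looks like:

```ini
# /etc/postfix/main.cf (excerpt) on the GREEN mail server -- assumed Postfix,
# 192.168.10.20 (Linux VoIP) and 192.168.10.21 (Windows Server) are placeholder
# ORANGE addresses; use the same two addresses as the source of the IPFire rule.

# Only localhost and the two ORANGE hosts are trusted relay clients.
mynetworks = 127.0.0.0/8, 192.168.10.20/32, 192.168.10.21/32

# Relay for trusted clients only; everyone else may deliver to local domains only.
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# System mail is low volume: cap per-client connections and messages
# per anvil time unit (default 60s) so a compromised host cannot flood.
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 60
smtpd_client_recipient_rate_limit = 120

# /etc/postfix/master.cf (excerpt): submission (587) accepts only the trusted
# clients above and drops every other connection before any mail is accepted.
# submission inet n       -       y       -       -       smtpd
#   -o syslog_name=postfix/submission
#   -o smtpd_client_restrictions=permit_mynetworks,reject
#   -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination
```

After editing, `postfix check` validates the syntax and `postfix reload` applies it; a connection from any address outside `mynetworks` to port 587 is then refused at the client-restriction stage, and the rejections appear in the mail log under `postfix/submission`.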