[Mailman-Users] mailman installation with DMZ
Brad Knowles
brad at shub-internet.org
Sun Jun 24 06:56:43 CEST 2007
On 6/23/07, Nick Airey wrote:
> Any thoughts would be much appreciated. I'm leaning towards switching
> to option (b), but I'm not sure exactly how to split the installation.
The reality is that there is no one single "Best Practice" for this
situation. What is Best Practice for your site might be considered
totally unacceptable somewhere else.
For example, the Mailman code is written in such a way as to be as
robust as it can be in the face of whatever potential additional
problems that using NFS might present. So, in theory, putting all of
Mailman on NFS should "just work".
But I know plenty of people who would run screaming in terror at the
thought of running NFS in their DMZ. If that works for you, then you
should be okay. But other sites might feel differently.
My personal suggestion would be to have a minimal MTA+Mailman+web
server on the machine in the DMZ, and tightly control the inputs and
outputs from the machine in both directions, perhaps with a front-end
web proxy that is appropriately secured, application-level gateway
filter for the incoming and outgoing mail, etc....
But just because that's my personal preference doesn't necessarily
make that a "Best Practice" that should be implemented everywhere --
other sites might prefer the NFS solution, or maybe something else.
--
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
More information about the Mailman-Users
mailing list