RE: Email server+network architecture

["Burton M. Strauss III" <BStrauss () acm org>]

Thoughts ...

There doesn't have to be ONE DMZ.  You can create as many DMZes as you want,
provided you have sufficient external IP addresses and put the right
firewalls in place.

Or, you can create a split architecture - use one mail server, exposed in
the DMZ to deliver all inbound mail to a work directory and use a daemon to
filter those messages, injecting permitted in-bound mail into a second
"internal" mail server.

You can use a mail server - any of the *nix ones can do things like this -
which implement filters to control access.  If you have an LDAP (or AD)
directory, it's just a property in the directory that ids who is allowed to
send mail.

Set the mail server to dump anything incoming that's not to an authorized
user (whether you bounce or bit bucket it is your own choice).

You can create your own DNS server for setting up whitelists/blacklists -
model it after one of the anti-spam lists.

Doing something like this means that you have only ONE email server visible
to users, so only one account...

-----Burton


-----Original Message-----
From: dataclaus1 () hushmail com [mailto:dataclaus1 () hushmail com]
Sent: Monday, January 13, 2003 1:49 PM
To: security-basics () securityfocus com
Subject: Email server+network architecture



-----BEGIN PGP SIGNED MESSAGE-----

Fellow list folk:

Situation:  My company is very restrictive on internet and email use.  Only
select users are allowed external use, and fewer still have unrestricted net
access.  Communications (email) with 'customer data' are not permitted
outside the corporate perimter, including the DMZ.  We do not wish to have
all of our users able to pop3/smtp outside our corporate perimeter, even to
the DMZ.  We want an email schema as listed below:

Inside<->Inside:      all users
Inside<->Outside:     Only those designated by management

Currently external mail is hosted by our ISP but saving that money would be
nice.

Thinking about a topology-based solution presents the following:

I can set up a 'corporate' mail server Inside (and no external
linkage)without much trouble.  But then the external-permitted people have
to manage two accounts, one for inside and one for external mail (since
those having external mail are some of the least computer savvy, this is not
the best answer).

Research indicates that putting a mail server Inside and then configuring a
conduit through our firewall is the least preferable option, as compromise
would allow Inside access.

We don't want to place the server in the DMZ because then we'd have to
permit smtp/POP3 to all users outside, and this does not meet the 'no
customer data Outside' criteria.

It seems I'm between a rock and a hard place.  Have I missed something?
Encryption may be an option, but is not implemented currently and we would
still reqire a policy change (read slow Board proposal/approval process)
before this would be a solution for a DMZ mail server.

Any suggestions as to a topology or other creative solution that would work
would be greatly appreciated.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl8EARECAB8FAj4jF4YYHGRhdGFjbGF1czFAaHVzaG1haWwuY29tAAoJEMX8YnuPyP0P
y+wAnjEdzxS5cU76zQvHH22xhxv9JV0aAJ4zLBIJTQyaNscrlpSRKzId947SMw==
=VmcP
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427