Smarthost, Web server and Small Business Edition

[mweichert]

At our company, we have a web server and postfix server in our DMZ.

We are purchasing Scalix Small Business Edition to install on a server in our internal network.

I know that Scalix Small Business Edition can only be installed on one server, so I just wanted to be sure that the SWA client could be installed on our web server in the DMZ and that all external e-mail could be sent to the postfix server.

Does anyone know the answer to this or have any experience with configuring something like this?

Thanks,
Mike

[Valerion]

At our company, we have a web server and postfix server in our DMZ.

We are purchasing Scalix Small Business Edition to install on a server in our internal network.

I know that Scalix Small Business Edition can only be installed on one server, so I just wanted to be sure that the SWA client could be installed on our web server in the DMZ and that all external e-mail could be sent to the postfix server.

The Postfix server just needs to know to forward all mails to the real Scalix server. That's a standard mail relay setup which I know works, though I've only set it up with sendmail so far.

As to SWA, there's 2 ways.

1) You can install SWA and tomcat on the DMZ machine and point it to the HTTP, IMAP and LDAP ports of the internal server (/etc/opt/scalix has got all the config files for this). The SWA server software will run on your DMZ machine, so it will need to be powerful enough to cope with this.

2) You can install SWA and tomcat on your internal machine and apache on the DMZ machine. Transfer the Scalix apache configs regarding mod_jk to the DMZ machine, and have tomcat listen to 8009 on the wildcard interface, and you should be sorted. I have it running this way for my own LAN and it works well.

Just remember to open all the needed ports on your firewall to allow DMZ access to the Scalix server.

[mweichert]

Thank you very much for the reply!

I'm glad that it doesn't sounds like it will be a problem to setup. I just wanted to be sure that I could do this with the Small Business Edition of Scalix.

As for SWA, I think I'll go for option 2. I hope you don't mind me posting here again when we are ready to implement.

Thanks again,
Mike

The Postfix server just needs to know to forward all mails to the real Scalix server. That's a standard mail relay setup which I know works, though I've only set it up with sendmail so far.

As to SWA, there's 2 ways.

1) You can install SWA and tomcat on the DMZ machine and point it to the HTTP, IMAP and LDAP ports of the internal server (/etc/opt/scalix has got all the config files for this). The SWA server software will run on your DMZ machine, so it will need to be powerful enough to cope with this.

2) You can install SWA and tomcat on your internal machine and apache on the DMZ machine. Transfer the Scalix apache configs regarding mod_jk to the DMZ machine, and have tomcat listen to 8009 on the wildcard interface, and you should be sorted. I have it running this way for my own LAN and it works well.

Just remember to open all the needed ports on your firewall to allow DMZ access to the Scalix server.

[mweichert]

Hi,

We are getting ready for implementation and I hope that you are able to help me again.

I'm setting up a Postfix server on the DMZ portion of our network. What I'm unsure of is how to configure the authentication of the Postfix server. SLES wants the backend of the Postfix server to be LDAP. I guess that would require me to create a separate LDAP server in the DMZ and populate it with user accounts that match the uid's of our internal LDAP server.

How do I "map" the authentication between the internal LDAP server used for Scalix and the external LDAP server used for the smart host?

OR...

Do I have the postfix server in the DMZ authenticate to the LDAP server in the LAN?

Finally, for the internal mail server (scalix) should I configure the domain name as mycompany.local and then for the postfix server in the DMZ using mycompany.com?

Thanks a bunch!
Mike

At our company, we have a web server and postfix server in our DMZ.

We are purchasing Scalix Small Business Edition to install on a server in our internal network.

I know that Scalix Small Business Edition can only be installed on one server, so I just wanted to be sure that the SWA client could be installed on our web server in the DMZ and that all external e-mail could be sent to the postfix server.

The Postfix server just needs to know to forward all mails to the real Scalix server. That's a standard mail relay setup which I know works, though I've only set it up with sendmail so far.

As to SWA, there's 2 ways.

1) You can install SWA and tomcat on the DMZ machine and point it to the HTTP, IMAP and LDAP ports of the internal server (/etc/opt/scalix has got all the config files for this). The SWA server software will run on your DMZ machine, so it will need to be powerful enough to cope with this.

2) You can install SWA and tomcat on your internal machine and apache on the DMZ machine. Transfer the Scalix apache configs regarding mod_jk to the DMZ machine, and have tomcat listen to 8009 on the wildcard interface, and you should be sorted. I have it running this way for my own LAN and it works well.

Just remember to open all the needed ports on your firewall to allow DMZ access to the Scalix server.

[florian]

Why do you need authentication on your Postfix? The only scenario I could think of would be to allow external users (i.e. POP/IMAP clients) to submit email for delivery from the Internet - is that what you planned?

If so, Scalix provides an LDAP service and this would also allow postfix to be setup to authenticate against.

Cheers,
Florian.

[mweichert]

Sorry, I should of never wrote the post above when I did as I didn't really know how to describe what I was after. I've now done quite a bit of reading and research and set up postfix the way I needed to.

However, I do want IMAP clients to be able to send mail to the gateway and have it delivered to the internal scalix server. Do I have to setup something like Cyrus on the mail gateway to do that?

Thanks,
Mike

[florian]

No you don't.

IMAP clients to not send eMail via IMAP - they use SMTP. So in this case, they would be talking to your Postfix. This, however, requires authentication to work.

Florian.