Proxy in DMZ

Best practice information from Scalix users relating to integration of Scalix with other products.


Postby markrich » Fri May 15, 2009 6:36 am

I am looking to install a Scalix system in the next few weeks.
As part of my design I plan to install a machine in the DMZ hosting Webmail and an IMAP proxy.

Webmail will do most people fine; however, BlackBerry phones configured through Vodafone and T-Mobile need a secure IMAP connection to the server.

I therefore have three questions.

1) How does Webmail talk to the server inside the network? Is there a secure port it connects to in order to do so? What is that port, so that I may open it in the firewall between the webmail server and the Scalix server?

2) Is there a recommended IMAP proxy to allow the phones AND clients such as Apple Mail and Thunderbird to connect to the server? What is the best configuration there? How would I connect from the proxy to the mail server?

3) Do I need an SMTP proxy? If someone is connected through the IMAP proxy to the mail server, how do they send email?

Sorry if I sound a bit vague and newbie on these questions. It's because I am. :-)

Thank you!

Mark


Postby echelon » Sat May 16, 2009 1:53 pm

I believe webmail uses IMAP for mail and LDAP for address book lookup from the main Scalix server. It may also use SMTP. So that would be three ports to open between DMZ and firewall - presumably you can add a firewall rule that allows traffic between those 3 ports but only between your Scalix server and webmail server.

I am not sure what you would use to proxy IMAP. I think stunnel may be the best solution to enable secure IMAP clients at least, since Scalix IMAP doesn't support secure IMAP itself.

SMTP shouldn't require a proxy. If the BlackBerry devices use SMTP to send mail then you can just enable Sendmail on the DMZ machine (assuming this is a Linux or Unix type machine). You would probably need to configure authentication so only authorized users can relay mail. You can also configure a smart host with Sendmail to route all mail via your Scalix machine. Sendmail should support SSL encryption - but I haven't tried it out.
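
The stunnel arrangement suggested in the reply above, sketched as an added example that is not part of the original posts: the DMZ host terminates TLS on the standard IMAPS port and forwards plain IMAP to the Scalix server. The hostname, service account and file paths are placeholders chosen for illustration.

```ini
; stunnel.conf on the DMZ host (constructed example; account name,
; paths and hostnames below are placeholders, not Scalix defaults)

; Drop root privileges once the listening port is bound
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/stunnel.pid

; Certificate and private key presented to phones and desktop clients
cert = /etc/stunnel/mail.example.com.pem
key = /etc/stunnel/mail.example.com.key

; Refuse legacy protocol versions
; (option needs stunnel built against OpenSSL 1.1.0 or later)
sslVersionMin = TLSv1.2

[imaps]
; TLS-wrapped IMAP offered to external clients (standard IMAPS port)
accept = 993
; Plain IMAP to the internal Scalix server (standard IMAP port).
; This hop is NOT encrypted, so the firewall between the DMZ and the
; LAN should allow it only from this host to the Scalix server.
connect = scalix.internal.example:143
```

With this layout, external mail clients only ever see port 993 on the DMZ host, and the IMAP rule on the inner firewall can be limited to the single DMZ-host-to-Scalix pair.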

