Difference between revisions of "Use Postfix on Bastion-host"

From Scalix Wiki
Jump to: navigation, search
(init)
(No difference)

Revision as of 19:37, 18 February 2008

If you want to use your scalix-server in your LAN and need an exposed server for incomming mail here's how to make it with Postfix. As the default scalix uses sendmail this gives you a better chance to survive a hacked bastion-host

  • Install your bastion-host's OS
  • Install postfix
  • config your firewall-rules to allow
    • incomming SMTP (TCP: Port 25) on external interface
    • outgoing SMTP to host:scalix.inside (Use the IP of your internal scalix-gateway)

Forwarding to internal server

edit the /etc/postfix/main.cf to contain the following 

myorigin = $mydomain 
mydestination = $mydomain 
transport_maps = hash:/etc/postfix/transport 
mynetworks = 
scalix.inside/32, 
127.0.0.1/8

and in /etc/postfix/transport 

domain.com    inside-gateway.domain.com

Be aware - don't install the bastion's SSH-key (without password) as a trusted key on your internal server if somebody breaks the bastion (postfix or other services) he will need to break your scalix as well

Retrieved from "https://www.scalix.com/wiki/index.php?title=Use_Postfix_on_Bastion-host&oldid=3990"