OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: tlafleur0 on March 26, 2021, 09:17:39 am

Title: mail server in lan and mail gateway in dmz
Post by: tlafleur0 on March 26, 2021, 09:17:39 am
Hello everyone,
I am thinking of improving the security of my network by implementing a DMZ.

In the DMZ I would put the servers that offer external services, such as the web server, mail gateway, cloud server, etc.

I have a question regarding the mail server.
I would like to keep the mail server on the LAN and not in the DMZ.
To send mail there are no problems: I make the LAN communicate with the DMZ and the mail is sent. But to receive it? Wouldn't making a rule that allows the mail gateway to communicate with the LAN become a security risk?

How would you configure this situation?
Thanks to all

Title: Re: mail server in lan and mail gateway in dmz
Post by: lfirewall1243 on March 26, 2021, 11:25:52 am
Why don't you use the OPNsense as a mail gateway between them?

Your mail GW sends the mails to OPNsense. OPNsense looks at which domain they are for and checks for spam if configured; after that, OPNsense sends the mails to your mail server.

Someone would need to hack your MailGW first, then hack Postfix to get access over it to your LAN.

Title: Re: mail server in lan and mail gateway in dmz
Post by: tlafleur0 on March 26, 2021, 11:41:37 am
I saw the possibility of using the MG of OPNsense, but unfortunately I cannot change the current configuration. Higher orders :)

Title: Re: mail server in lan and mail gateway in dmz
Post by: lfirewall1243 on March 26, 2021, 11:44:05 am
Okay, when you can't reconfigure your MailGW there are 2 options:

1. Redirect the streams from your MailGW to the OPNsense Postfix
2. Allow the traffic from your MailGW to your mail server directly
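
An added example, not part of the original thread: option 2 written as pf rules (the packet filter OPNsense is built on), with the broad rule the first post worries about shown beside a narrowly scoped one. The interface name, networks and host addresses are constructed assumptions; in the OPNsense GUI the same source, destination and port would go into a rule on the DMZ interface.

```pf
# --- Constructed values (assumptions, not from the thread) ---
dmz_if   = "em2"                 # interface facing the DMZ
lan_net  = "192.168.10.0/24"     # LAN network
mail_gw  = "192.168.20.10"       # mail gateway in the DMZ
mail_srv = "192.168.10.25"       # mail server on the LAN

# Too broad: the gateway could reach every LAN host on every port,
# so a compromised gateway becomes a stepping stone into the LAN.
# pass in quick on $dmz_if inet from $mail_gw to $lan_net

# Scoped: one source host, one destination host, TCP port 25 only.
# Stateful, so replies are allowed without a matching LAN-side rule.
pass in quick on $dmz_if inet proto tcp \
    from $mail_gw to $mail_srv port 25 flags S/SA keep state

# Everything else from the DMZ toward the LAN is dropped and logged,
# which also gives a signal if a DMZ host starts probing the LAN.
block in log quick on $dmz_if inet from $dmz_if:network to $lan_net
```

With this rule set, the only LAN exposure from the DMZ is the mail server's SMTP listener, so that service's own hardening and patching is what remains to be looked after.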