Sanjay Arora wrote:
> Hmmm...don't like to tamper with firewalls...reason they are there is
> that there is risk involved...don't make sense that I increase
> perceived risk even for small timeslots, just to impose what I think
> should happen.
>
> Guess will implement mailboxes on DMZ and Green both, scripted to
> download mail from one to the other or some similar permutation. Any
> idea on how to broadly do it? Don't need to give me the installation
> details...just an idea how to set it up...Anyone?
>
> Thanks again, Peter.
> Sanjay.

Without relaxing your security policy between dmz->green (even during a specified timeslot), I don't see that you have much choice but to use a program like fetchmail to pull (download) your e-mail from the DMZ server.

If I had to deal with a security policy such as yours, I would look at configuring the DMZ mail server to store all inbound e-mail in a single mailbox (single password vs. multiple), then use fetchmail's multi-drop feature to retrieve e-mail from your DMZ server and then store the retrieved e-mail in individual mailboxes on the green server. See "man fetchmail" for examples of using multi-drop and especially the USER AUTHENTICATION AND ENCRYPTION section for password encryption between the green server and DMZ server.

Another option might be to create an SSH tunnel between the green->DMZ server to pull your queued e-mail.

You know, if you were willing to relax your security policy for a given timeslot (like a cronjob), you could configure your DMZ MTA to use a "deferred" queue, then issue an ETRN (during the cronjob) to release/deliver your e-mail to the green server.

--Steve Cowles
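
The sorting step that the single-mailbox, multi-drop setup described above depends on, as an added example that is not part of the original thread and is not fetchmail's own code. It assumes the DMZ MTA records the envelope recipient in a header (the header name, domain and user names here are hypothetical) and sends anything it cannot sort to a fallback mailbox instead of guessing from To:/Cc:.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed values, not from the thread: domain, user names, header name.
LOCAL_DOMAIN = "example.com"
LOCAL_USERS = {"sanjay", "peter"}
ENVELOPE_HEADER = "X-Envelope-To"   # written by the DMZ MTA at delivery time
FALLBACK = "postmaster"             # mailbox for anything that cannot be sorted


def route(raw_message):
    """Return the green-side mailboxes that should receive one pulled message.

    Only the envelope recipient recorded by the DMZ MTA is used. To:/Cc: are
    sender-controlled, omit Bcc recipients and name the list rather than the
    subscriber on mailing-list mail, so they are never consulted.
    """
    msg = message_from_string(raw_message)
    targets = set()
    for _name, addr in getaddresses(msg.get_all(ENVELOPE_HEADER, [])):
        local, _, domain = addr.lower().rpartition("@")
        if domain == LOCAL_DOMAIN and local in LOCAL_USERS:
            targets.add(local)
    return sorted(targets) or [FALLBACK]


def sort_mail(raw_messages):
    """Group pulled messages by destination mailbox."""
    boxes = {}
    for raw in raw_messages:
        for user in route(raw):
            boxes.setdefault(user, []).append(raw)
    return boxes


# Constructed sample messages as they might sit in the single DMZ mailbox.
DIRECT = "X-Envelope-To: sanjay@example.com\nTo: sanjay@example.com\n\nhello\n"
LIST = "X-Envelope-To: peter@example.com\nTo: users@lists.example.org\n\nlist post\n"
NO_ENVELOPE = "To: sanjay@example.com\nSubject: header missing\n\nbody\n"
UNKNOWN = "X-Envelope-To: nobody@example.com\nTo: nobody@example.com\n\nbody\n"

if __name__ == "__main__":
    for box, msgs in sorted(sort_mail([DIRECT, LIST, NO_ENVELOPE, UNKNOWN]).items()):
        print(box, len(msgs))
```

The mailing-list and missing-header samples are the cases where sorting on To: would misdeliver, which is why the single DMZ mailbox needs the envelope recipient preserved.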