On Apr 2, 2010, at 12:33 PM, Victor Duchovni wrote:
> Not everything you hear on the Internet is true, kind or wise.
But I'm assuming you are all three :-)
> This said, many folks operate perimeter Postfix servers with a full queue
> (not reverse proxies) in the DMZ. There is nothing wrong with DMZ Postfix
> servers, if your network architecture is more conducive to a deployment
> of this type.
Yeah. That's what I've had for a long time. Works fine, and I'd never allow an Internet connection to anything on the LAN. That's the whole purpose of the DMZ, as I understand it.
This suggestion was to run an SMTP reverse proxy on the firewall. I'm thinking about maybe doing that for HTTP because it'd be pretty easy to filter based on what would be legit HTML requests, but not for much else.
Thanks for the info...