Nethserver as Multiple domains Email Server only, placed in DMZ


(Gabriel GHEORGHIU) #1

Hello to all!

First of all, sorry for my english but I think you will understand what I want to tell. If you don’t, please ask me and I will try to explain again.

I use Zentyal 4.0 for this function (for now, about 30 domains and more than 250 users), placed in DMZ made with ENDIAN UTM 3.0 (another Italian very good product on my opinion).

After the last changes made by Zentyal, I decided to migrate to Nethserver.
For the moment, I will try to use Nethserver as Multiple domains Email Server only.

My first installation of Nethserver was very easy and I choose the following packages, but I don’t know if is the good choice: Email, Groupware, MySQL server, POP3 connector, POP3 proxy, Statistics, Web server, Basic firewall, Intrusion Prevention System.

My questions, for the moment, are:

  1. Wich are the packages that i must use for this configuration?
  2. When I add a package, Nethserver “knew” to add automatically another package that is necessary if I missed to select?

Thank you in advance!

Gabriel


(Davide Principi) #2

Hi @GG_jr, nice to meet you!

I’m working on the mail server today:

  • how the mail server and mail filtering parts interact and are bundled
  • mail server with many users

Please, have a look to
http://dev.nethserver.org/issues/3093
http://dev.nethserver.org/issues/2850

Probably, I’m going to adjust the Email group today. I’ll tell you soon!

In the meantime, a question on your Endian firewall: does it scan email contents? If you want to use it as mail virus+spam scanner, the mail-filtering part on NethServer could not be installed.

Sure! YUM takes care of the download and installation of RPM dependencies, automatically.


(Davide Principi) #3

Install the Email module only: it ships both mail-server and mail-filter components. If you don’t need mail filtering capabilities, you can disable them from the “Email” > “Filter” tab after installation (page reload still required).


(Gabriel GHEORGHIU) #4

Hi Davide, nice to meet you too!
GOOD JOB!

Thank you for your prompt reply!

Refer to ENDIAN: yes, it scans very well. I use SMTP Proxy in transparent mode for Green and Orange and also POP3 Proxy for Green and Orange, but I feel better with mail-filtering also on Email Server (it is one motive that I want to migrate from Zentyal). I don’t know if is the best choice, but if something bad is passing from ENDIAN, maybe the other filter will block it (till now is not happened).

Another questions: As I told you, I will use Nethserver on DMZ. The only one network adapter will be GREEN or RED (I have choosed GREEN)?

Is it necessary to make some firewall rules or port forwarding in this case?

Thank you!

Gabriel


(Davide Principi) #5

If you have mail filtering enabled on the mail-server, you can enable IMAP users to train the Bayesian filters by moving undesired messages into the “junkmail” folder. See Anti spam for more infos.

About network adapters: a standalone mail server needs one (green) interface. As NethServer plays into a DMZ, I suggest not installing the firewall components (such as IPS) that enables red, blue and orange interfaces, specific of a firewall installation.

The network firewall should forward SMTP and IMAP connections to the NethServer.


(Gabriel GHEORGHIU) #6

OK. Now I have only the following packages installed on Nethserver (all with “subpackages” enabled): Basic firewall, Email, Groupware, MySQL server, POP3 connector, POP3 proxy, Statistics, Web server.

I wasn’t very clear: not on ENDIAN UTM, but on NethServer (usually, on new installation, all traffic is blocked).


(Davide Principi) #7

NethServer takes care of its ports automatically: when mail-server module is installed, all required ports are opened.


(Gabriel GHEORGHIU) #8

Thank you!

I will not bore you with other questions. For today, of course.

Have a nice weekend to all!

Buona Pasqua!

Gabriel


(Bogdan Costin) #9

Salut Gabriel, :slight_smile:
Basically you need to setup NS as you will use it only as a local LAN mail server as David also stated before.
For Firewall and filtering mails you can try to use SOPHOS UTM instead of Endian UTM.

Just give this a try before you decide on a complete setup.

I’m also interested in deploing a replacement for Zentyal. Let’s exchange some info :smile: .

Best regards
Bogdan


How have you known about NethServer?
(Gabriel GHEORGHIU) #10

Salut Bogdan,

I also tried SOPHOS but I don’t understand why for business is so “empty” and for home is so “plenty”. It’s more intuitive but like I said …

I used ENDIAN about 2 months and I am very pleased. Now we try to sell ENDIAN in Romania.

I have tried some email servers till now (AXIGEN on Windows - is in production but now with only 2 domains, ZENTYAL 4.0 - in production, the rest of domains migrated from AXIGEN, iRed, and others).

I read about NethServer on ZENTYAL forum and I want to try it.
Till now I like it. And the NethServer Team! They read and answer on this forum! WOW!

How can we change some info not only here?

Gabriel


(Davide Principi) #11

This should be handled with care: a similar configuration could degenerate into a mail bounce source!