[protecting my internal mail server] Is Squid-reverse the right choice?

  • Hi all.
    In my small company we are installing an internal mail server (kerio connect) which offers, among other things, a web interface. Our internet provider handles our domain emails included and it forwards us everything via smtp . For the outgoing messages, kerio connect sends'em out directly acting as a smtp server (no smtp relay) . We have of course a static IP and reverse dns is set correctly. My idea now is obviously to provide e-mail external access through the web interface but I don't like the idea of having a host on the LAN and reaching it using port forward (80 or 443). A collegue told me about a solution called reverse proxy and I noticed that pfsense supports it with a specific package so I'm here to ask how you would manage this task in the most secure way you can think of.
    thanks in advance.

  • The most secure will be apache + mod_security.

    Some protocol checks as well caching can be done with varnish.

    I have no idea about security checks on squid-reverse.