[protecting my internal mail server] Is Squid-reverse the right choice?
-
Hi all.
In my small company we are installing an internal mail server (kerio connect) which offers, among other things, a web interface. Our internet provider handles our domain emails included and it forwards us everything via smtp . For the outgoing messages, kerio connect sends'em out directly acting as a smtp server (no smtp relay) . We have of course a static IP and reverse dns is set correctly. My idea now is obviously to provide e-mail external access through the web interface but I don't like the idea of having a host on the LAN and reaching it using port forward (80 or 443). A collegue told me about a solution called reverse proxy and I noticed that pfsense supports it with a specific package so I'm here to ask how you would manage this task in the most secure way you can think of.
thanks in advance.
max
Italy -
The most secure will be apache + mod_security.
Some protocol checks as well caching can be done with varnish.
I have no idea about security checks on squid-reverse.