[Mailman-Users] mailman installation with DMZ
nick_airey at yahoo.com
Sun Jun 24 06:00:28 CEST 2007
I would like some advice on the best way to set up a mailman installation in the presence of a DMZ, i.e. I have a webserver in the DMZ which is accessible to the public. The MTA, however, is in the safe zone.
The public needs access to the mailman web interface, implying that this should be run from the webserver in the DMZ. However the MTA in the safe zone needs to make a pipe connection to mailman, which (I assume) in turn needs access to the disk partition where the mailman files are stored. Hence mailman needs to be co-located with the MTA.
As a quick fix:
(a) I set up mailman and its web interface completely in the safe zone, and set the webserver in the DMZ to proxy URI "/mailman/*" to the internal webserver. This works, but I'm not sure if this is the ideal solution. I'm also not crazy about parts of an internal webserver being accessible to the internet.
Other possibilities I considered were:
(b) split the mailman installation: run the web part in the DMZ, accessing an NFS-mounted disk on an internal machine. The MTA part of mailman, running in the safe zone, can then access the same disk and process mail as normal. Worst-case scenario, if the disk mount becomes unmounted (or otherwise unwritable), the web interface is unusable. However, the MTA part (sending, receiving mails) still keeps working.
(c) run mailman completely in the DMZ, and run an MTA on the DMZ which can relay to the MTA in the safe zone for delivery. I don't really like this for a few reasons involving mail security and the policy of running "minimalist" machines in the DMZ.
Any thoughts would be much appreciated. I'm leaning towards switching to option (b), but I'm not sure exactly how to split the installation.
I would also be willing to document this as a "best practice" for the mailman documentation. (I'm sure this question must come up all the time for fresh installations.)
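One concrete form of the option (a) proxy, added here as an illustration and not part of the original post or of the Mailman project: the DMZ webserver forwards only the /mailman/ prefix, and the internal webserver accepts that prefix only from the proxy, so no other part of the internal server is reachable through it. The host names and the proxy address 192.0.2.10 are assumed placeholders.

```apache
# --- DMZ webserver (Apache 2.4): public-facing vhost ---
<VirtualHost *:443>
    ServerName lists.example.com        # assumed public name
    # TLS directives omitted for brevity

    # Never act as a forward (open) proxy; only the explicit rule below applies.
    ProxyRequests Off
    # Pass the public Host header through so Mailman sees the public name.
    ProxyPreserveHost On

    # Forward exactly the Mailman URI space; nothing else on the internal
    # server is exposed because no broader ProxyPass rule exists.
    ProxyPass        "/mailman/" "http://mailman.internal.example/mailman/"
    ProxyPassReverse "/mailman/" "http://mailman.internal.example/mailman/"
</VirtualHost>

# --- Internal webserver (safe zone): accept /mailman/ only from the proxy ---
<Location "/mailman/">
    # 192.0.2.10 is the assumed DMZ proxy address; all other clients get 403.
    Require ip 192.0.2.10
</Location>
```

Because Mailman 2.1 builds its absolute links from DEFAULT_URL_HOST in mm_cfg.py, that value must be the public host name or the links in confirmation mails and list pages will point at the internal server.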