|Main Archive Page > Month Archives > postfix-users archives|
On Apr 1, 2010, at 1:48 PM, Victor Duchovni wrote:
> What is the "it" that has to be done for "security reasons".
Reverse proxy-ing servers on the firewall. The idea, as I understand it, is to keep badness from getting to the servers. I can kinda understand that for HTTP -- ACLs based on UR* and stuff like that might make apache's life easier -- but I don't really know what good an SMTP reverse proxy would do, aside from double checking protocol.
> If you don't need proxy-mode for non-security reasons, you don't need
> proxy mode.
I didn't think so (I'm a long way from needing load balancing, and postfix seems to do a pretty good job of looking out for itself), but I'm looking into it. Thanks for the vote against.
It occurs to me to move the spam filtering to the firewall, but I don't see a lot to be gained from that. Besides, I'm a refugee from "fixup protocol smtp."
-- Glenn English email@example.com