Cyrus IMAP - sync two servers (one Public, one Private)
Paul M Fleming
pfleming at siumed.edu
Tue Mar 8 11:12:51 EST 2005
Unless you need two servers for fault tolerance, syncing two hosts
probably is more work than it's worth. There are other ways to solve the
performance/isolation problem. The solution depends on the level of
isolation you require between inside and outside the firewall.
Definitely plan on an external SMTP handler to deal with spam etc. We
use the same backend servers (gig-e) attached for inside and outside
users. Outside users come in through an external IMAP proxy (currently
custom code, future Murder) to our farm of 3 back-end hosts. Inside
users use 2 different proxies. In your case, if you only have 1 IMAP
server you could use perdition http://www.vergenet.net/linux/perdition/
to proxy the outside users if you require that level of isolation,
otherwise just use the firewall to control what comes in. You could also
multi-home the IMAP Store.
In the simplest case:
Firewall - DMZ - External SMTP
Gig-E Switch - IMAP Store
With two different servers
Firewall - DMZ - External SMTP & IMAP Proxy
Your question is as much a network / security architecture question as
Charles Marcus wrote:
> Hi Henrique (and anyone else who understands Murder),
> Let me rephrase what I am trying to accomplish. Maybe Murder isn't the
> way to go...
> 1. I have a small, internal LAN that I want to keep protected, by
> blocking all unsolicited traffic (block all incoming ports to protect
> from port scanners/sniffers/hackers/worms). This LAN will contain a
> Private File/Mail Server running SuSE SLES9 - Postfix and Cyrus. All
> email access for our company is through IMAP - we haven't used or
> allowed POP access for a long time, and our Reps love having access to
> all of their email from anywhere.
> 2. We will also, for the first time, be bringing our Web and Email
> hosting in house, so we will have a second, Public Web/Mail server also
> running on SuSE SLES9 (Postfix/Cyrus).
> 3. In our business, we deal with a lot of binary attachments (jpegs and
> PDFs mostly, some fairly big), so, for performance reasons (I want our
> email sessions, which up to now have been slow - sometimes
> *excruciatingly* slow - to be very fast), when employees are physically
> in the office, I want them to only talk to the internal, Private IMAP
> server over the gigabit switch (ie, not have to have 30+ employee IMAP
> sessions all jammed through a single, 10/100 firewall port to talk to
> the Public IMAP server).
> 4. For Security purposes, when employees are physically *outside* the
> office (accessing from the internet), I want them to only talk to the
> Public Mail/IMAP server.
> So, to summarize, we will have two Cyrus IMAP servers, one Public, one
> Private. Most employee access will be from the internal, office LAN, but
> with occasional access from the internet (home, vacation, etc), so the
> Mailboxes on both servers must be kept in sync. Short delays (up to a
> few minutes) in the sync process are acceptable.
> What is the best way to accomplish this?
> Many thanks for suggestions,
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html