ianw1974 Posted October 9, 2007 Report Share Posted October 9, 2007 I'm trying to think of a good way to do this, so if anyone has some ideas, it would be great. At work, we have an Exchange Server (yes I know), and they don't want to open it up directly to the internet with port forwarding from the firewall. They were hoping we could do it with proxying imap. I thought of using iptables, but in effectively, this would be a two layered firewall, because the first firewall would direct to the machine running iptables, and this in turn would just forward on to the Exchange Server itself. Is there really any point? Thoughts on this one appreciated. Alternatively, I'm left with somehow proxying the imap connection from the Linux system to the Exchange Server. Quote Link to comment Share on other sites More sharing options...
Phil Edwards Posted October 12, 2007 Report Share Posted October 12, 2007 Alternatively, I'm left with somehow proxying the imap connection from the Linux system to the Exchange Server. I happen to know just the bit of software you're looking for - it's called perdition and can be found at: http://www.vergenet.net/linux/perdition/ What you'd need to do would be to have 2 NICs in the Linux box, which I'm guessing you've probably already got. Perdition can listen for incoming IMAP and/or POP3 connections on the internet facing connection and proxy them off to the Exchange server which will be reachable via an RFC1918 private IP on the second NIC. It's a bit of a fiddle to install, since there are a couple of bizarre libraries that it needs which have to be compiled from source tarballs. Just to give you some idea of how good perdition is, I work for an ISP in the UK - our mail platform handles POP3 and IMAP connections for almost 150,000 mailboxes and last time I looked, our traffic levels were peaking during the day at around 2,500 POP3/IMAP connections per minute. This is with an out-of-the-box install of perdition, no performance tweaking at all. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted October 13, 2007 Author Report Share Posted October 13, 2007 Hi Phil, Thanks for the reply, I did sort it only yesterday using a package called up-imapproxy or something like that, and the machine only has one single nic. It's forwarding it well :) I was trying iptables, but it wouldn't work how I thought it would, but in the end found this package that works nice and easy. Now we've got the firewall with static ip that forwards to my anti-spam gateway, which then proxies the imap to the real mail server. Quote Link to comment Share on other sites More sharing options...
Phil Edwards Posted October 17, 2007 Report Share Posted October 17, 2007 Cool, glad to hear you've got it up and running. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.