Author Topic: Internet Server  (Read 2110 times)

philtrick

Internet Server
« on: November 18, 2009, 01:16:02 pm »
Hi,

I have watched the evolution of ebox with interest, as it seems to fill a number of needs for small businesses without taking too much installation time etc.

I had one quick question though:

Is ebox suitable to be installed as a public facing mail / web server, for example on a dedicated server in a hosting company, and to be the main MX for the domain, as well as master ldap server?

Has anyone implemented it in this way, or are there other recommendations?

Thanks,

Phil

christian

  • Guest
Re: Internet Server
« Reply #1 on: November 18, 2009, 01:48:59 pm »
> Is ebox suitable to be installed as a public facing mail / web server, for example on a dedicated server in a hosting company, and to be the main MX for the domain, as well as master ldap server?
>
> Has anyone implemented it in this way, or are there other recommendations?

Hi,
I tried to do something similar... and different.
Similar in the sense that I would like to use one ebox as "internet gateway", meaning, as you wrote, main MX, http/ftp proxy etc...
Different in the sense that I'm not comfortable with - shared - LDAP on this server exposed to internet.

Basically, for the time being, and unless I'm wrong in my understanding, such a configuration doesn't work "out of the box" because postfix cannot be configured to forward email to an internal mail server using LDAP entries to find the maildrop server per user.
From what I understand, this could change with 1.4

Then LDAP usage is currently not flexible enough to permit access to an external ldap server (that would be, in our case, an internal server so that accounts are not stored on a server exposed on the internet).

In my specific case, I'm also blocked with other constraints: I need to run Karmic on my Samba server to solve some network performance issue with Realtek but ebox on Karmic is a bit late compared to Hardy and Jaunty. Thus I can't really test master/slave.

Cheers,
Christian

philtrick

Re: Internet Server
« Reply #2 on: November 18, 2009, 01:57:44 pm »
Hi Christian,

Thanks for the reply.

I see what you mean about ldap, I was thinking more over a secure connection than directly exposed.

I think what you are trying to do is more complex than me, as I just want to store the email on that server, and have IMAP access directly to it. Although, having the email forwarded would boost local performance on site.

Looks like I'll have to do a bit more thinking for the moment...

Thanks,

Phil

christian

  • Guest
Re: Internet Server
« Reply #3 on: November 18, 2009, 02:13:58 pm »
> I see what you mean about ldap, I was thinking more over a secure connection than directly exposed.
>
> I think what you are trying to do is more complex than me, as I just want to store the email on that server, and have IMAP access directly to it. Although, having the email forwarded would boost local performance on site.

Having email stored on this server with one leg "outside" and IMAP on the internal interface works just fine. That's what I'm currently doing waiting for 1.4 and improvement in this area.

Ldap on this server is not a very high risk: if your firewall is well configured, ldap not binding on external interface, it's reasonably secure but I'm a bit paranoiac ;)
In fact I just don't see why I should store anything, including emails, on this server that should, from my standpoint, provide relay (proxy, smtp etc...) and cleanup (antivirus and antispam).

Christian 

sixstone

  • Zentyal Staff
Re: Internet Server
« Reply #4 on: November 24, 2009, 11:38:47 am »
Hi Phil,

> Is ebox suitable to be installed as a public facing mail / web server, for example on a dedicated server in a hosting company, and to be the main MX for the domain, as well as master ldap server?

Just for your information, we eat in our company our own dog's food, so we use eBox for network services internally and externally. ;)

Cheers,
My secret is my silence...

philtrick

Re: Internet Server
« Reply #5 on: November 24, 2009, 03:21:01 pm »
> Hi Phil,
>
> > Is ebox suitable to be installed as a public facing mail / web server, for example on a dedicated server in a hosting company, and to be the main MX for the domain, as well as master ldap server?
>
> Just for your information, we eat in our company our own dog's food, so we use eBox for network services internally and externally. ;)
>
> Cheers,

Great!

Might just give it a try then.. I seem to have some time to kill.....

philtrick

Re: Internet Server
« Reply #6 on: November 24, 2009, 03:21:45 pm »
> Hi Phil,
>
> > Is ebox suitable to be installed as a public facing mail / web server, for example on a dedicated server in a hosting company, and to be the main MX for the domain, as well as master ldap server?
>
> Just for your information, we eat in our company our own dog's food, so we use eBox for network services internally and externally. ;)
>
> Cheers,

Do you have your ldap exposed or do you just run your mail services externally?

Thanks,

Phil

christian

  • Guest
Re: Internet Server
« Reply #7 on: November 25, 2009, 06:34:14 am »
> Do you have your ldap exposed or do you just run your mail services externally?

"exposed"...  well my point with this was to highlight that LDAP must run on server having one leg on internet. Obviously there is still FW preventing to really "expose" LDAP.
My concern is valid with mail storage too. From what I understand (I hope to be wrong but never succeeded having different configuration without changing conf manually, meaning not using ebox "out of the box" I would say ;) ), your mail storage is also this server exposed on internet because mails are delivered on MTA (no relay to "per mailbox mailhost").

Again, I'm not saying this should be a major concern but could be something you have to take into account depending on what you target.

Cheers,

philtrick

Re: Internet Server
« Reply #8 on: November 25, 2009, 01:48:07 pm »
> > Do you have your ldap exposed or do you just run your mail services externally?
>
> "exposed"... well my point with this was to highlight that LDAP must run on server having one leg on internet. Obviously there is still FW preventing to really "expose" LDAP.
> My concern is valid with mail storage too. From what I understand (I hope to be wrong but never succeeded having different configuration without changing conf manually, meaning not using ebox "out of the box" I would say ;) ), your mail storage is also this server exposed on internet because mails are delivered on MTA (no relay to "per mailbox mailhost").
>
> Again, I'm not saying this should be a major concern but could be something you have to take into account depending on what you target.
>
> Cheers,

What I am trying to do is have a server which is accessible for mail from a wide variety of locations.

My concerns with having a local mailhost mainly stem from ADSL usage, where significant upstream traffic can have dramatic effects on the quality of the connection for other users.
Having a local mailhost would be great from the point of view of the local users, but we have a number of users who travel frequently, and they have large email stores, so when refreshing from an IMAP client, this would cause large upstream traffic, and this would cause local problems for the users located near to the mailhost.

My only way around this would be to designate the users' laptops as mailhosts, but that removes the ability to have a central mail backup location....

Phil

sixstone

  • Zentyal Staff
Re: Internet Server
« Reply #9 on: December 01, 2009, 12:43:49 pm »
"exposed"...  well my point with this was to highlight that LDAP must run on server having one leg on internet. Obviously there is still FW preventing to really "expose" LDAP.
My concern is valid with mail storage too. For what I understand (I hope to be wrong but never succeeded having different configuration without changing conf manually, meaning not using ebox "out of the box" I would say  ;) ), your mail storage is also this server exposed on internet because mails are delivered on MTA (no relay to "per mailbox mailhost").

You may have your LDAP server only listening to local interfaces or denying by firewall. So it is not exposed. I don't get what you mean about mail storage is exposed too.

Could you elaborate on that sentence? ;)

Cheers,
My secret is my silence...
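
Added example, not part of the thread: one way to check the point made in the last reply, that LDAP (and IMAP) should listen only on local or internal interfaces, by filtering `ss -ltn` output for listeners bound anywhere else. The sample output, the internal address 192.168.1.1 and the watched port list are constructed assumptions; port 25 is left out because the MX is meant to be reachable from the internet.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output for a gateway with an internal
# interface (192.168.1.1) and an external one (203.0.113.10, documentation range).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:389        0.0.0.0:*
LISTEN 0      128    192.168.1.1:143      0.0.0.0:*
LISTEN 0      100    0.0.0.0:25           0.0.0.0:*
LISTEN 0      128    0.0.0.0:636          0.0.0.0:*
LISTEN 0      128    203.0.113.10:993     0.0.0.0:*
LISTEN 0      128    [::]:389             [::]:*'

# exposed_listeners ALLOWED_ADDRS PORTS
# Reads `ss -ltn` text on stdin and prints "addr:port" for every listener on
# one of PORTS whose bind address is not in ALLOWED_ADDRS (both space separated).
# Wildcard binds (0.0.0.0, [::], *) are reported unless explicitly allowed,
# because they include the external interface.
exposed_listeners() {
    awk -v allowed="$1" -v ports="$2" '
        BEGIN {
            n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
            n = split(ports, p, " ");   for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4
            # The port is everything after the last colon (also works for [::]:389).
            port = la; sub(/.*:/, "", port)
            addr = substr(la, 1, length(la) - length(port) - 1)
            if ((port in watch) && !(addr in ok)) print addr ":" port
        }'
}

# On a live host: ss -ltn | exposed_listeners "127.0.0.1 [::1] 192.168.1.1" "389 636 143 993"
printf '%s\n' "$SAMPLE_SS" |
    exposed_listeners "127.0.0.1 [::1] 192.168.1.1" "389 636 143 993"
```

A listener reported here is not necessarily reachable from outside, since the firewall may still drop the traffic, but binding only to the internal address removes the dependency on that one rule.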