So, to summarize, we will have two Cyrus IMAP servers, one Public, one Private. Most employee access will be from the internal, office LAN, but with occasional access from the internet (home, vacation, etc.), so the Mailboxes on both servers must be kept in sync. Short delays (up to a few minutes) in the sync process are acceptable.
Have you thought of implementing something simpler and more standard?
Many organizations are solving this problem by using a single IMAP server on the internal LAN, and a webmail host in the DMZ (that connects to the internal IMAP server, either directly, or more often through some kind of IMAP proxy). When outside of the office, employees can access their mail using the webmail interface. When inside the office, they can access it using a regular IMAP client. Actually, I have a couple of users that like the webmail interface so much, they are using it even when they are in the office. Horde/IMP is a very nice and usable webmail interface. Squirrel Mail is another one. I kind of prefer IMP, but that's only my preference.
Yes, I'd pretty much come to this conclusion when I read your reply. I found a document talking about setting a reverse proxy to secure a web server... is this what you were talking about? It looks like it would provide a level of security I could be comfortable with.
My main concern is, I am not a 'security' specialist. I have employed someone locally to assist me in securing our network and performing quarterly audits, but I'd just feel better if we didn't have *any* holes into our internal LAN. I guess I can live with two holes that are well protected.
I appreciate all of the replies - saved me a lot of time trying something that probably wouldn't have worked anyway.
--
Charles
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html