On 6/23/07, Nick Airey wrote: > Any thoughts would be much appreciated. I'm leaning towards switching > to option (b), but I'm not sure exactly how to split the installation.
The reality is that there is no one single "Best Practice" for this situation. What is Best Practice for your site might be considered totally unacceptable somewhere else. For example, the Mailman code is written in such a way as to be as robust as it can be in the face of whatever potential additional problems that using NFS might present. So, in theory, putting all of Mailman on NFS should "just work". But I know plenty of people who would run screaming in terror at the thought of running NFS in their DMZ. If that works for you, then you should be okay. But other sites might feel differently. My personal suggestion would be to have a minimal MTA+Mailman+web server on the machine in the DMZ, and tightly control the inputs and outputs from the machine in both directions, perhaps with a front-end web proxy that is appropriately secured, application-level gateway filter for the incoming and outgoing mail, etc.... But just because that's my personal preference doesn't necessarily make that a "Best Practice" that should be implemented everywhere -- other sites might prefer the NFS solution, or maybe something else. -- Brad Knowles <[EMAIL PROTECTED]>, Consultant & Author LinkedIn Profile: <http://tinyurl.com/y8kpxu> Slides from Invited Talks: <http://tinyurl.com/tj6q4> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
