Mail: DMZ imap4s and smtps w/auth to forward to internal server mail
Hi there guys.
I have a problem like this:
In my infrastructure I have an internal mail server with non-SSL protocols for reading (imap4 on port 143, pop3 on 110) and a Postfix MTA for sending mail with no auth (smtp on port 25).
I'd like to extend the availability of mail services to my users from outside as well, using a "passthrough" machine in my DMZ, but I want to respect all the rules to make the service as secure as possible.
In other words... my idea is to install a service in the DMZ, where a user can land for their IMAP4 authentication, using secure port 993, and this DMZ machine should forward requests to the internal mail server on the standard (insecure) port 143 (performing the IMAP authentication of the already existing internal machine).
In the same way, a user could use our MTA, connecting their client (e.g. from a mobile phone's mail client) to our machine in the DMZ on SSL port 465 with authentication, then this DMZ machine should act as a relay to the internal smtp:25 w/ no auth for sending mail.
I'm looking for a solution to make this possible. I tried nginx and perdition but with no success.
Any suggestions are kindly appreciated.
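
One way to sketch the IMAP half of the layout described above is a TLS terminator on the DMZ host, shown here as an added stunnel configuration that is not part of the original post. The internal address `192.0.2.10`, the host name `mail.example.org`, the file paths and the `stunnel4` account are placeholders and assumptions.

```ini
; /etc/stunnel/imaps.conf (added example, path is an assumption)
; Terminates TLS on 993 in the DMZ and forwards the cleartext IMAP
; stream to the internal server on 143. The internal server still
; performs the actual IMAP login, so no user database is kept here.

; Drop root after binding the privileged port.
; "stunnel4" is the Debian/Ubuntu service account (assumption).
setuid = stunnel4
setgid = stunnel4
pid = /run/stunnel4/imaps.pid

[imaps]
; Public side: implicit-TLS IMAP.
accept = 0.0.0.0:993

; Internal side: placeholder address from the documentation range.
; This hop is NOT encrypted; restrict it with a firewall rule that
; allows only the DMZ host to reach internal port 143.
connect = 192.0.2.10:143

; Certificate chain and private key for the public host name
; (placeholder file names). The key must be readable by root only.
cert = /etc/stunnel/mail.example.org.fullchain.pem
key = /etc/stunnel/mail.example.org.key

; Refuse legacy protocol versions.
; Requires stunnel built against OpenSSL 1.1.0 or later.
sslVersionMin = TLSv1.2

; The internal server will see every session as coming from the DMZ
; host, so per-IP lockout and login auditing there lose the real
; client address. Keep stunnel's own connection log for that.
debug = notice
output = /var/log/stunnel4/imaps.log
```

This covers only the IMAP half. Wrapping internal port 25 the same way would add TLS but no authentication, so the SMTP side needs an MTA or proxy on the DMZ host that authenticates clients itself before relaying.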