secure boundary services with a Mac Mini?

Joined
Dec 1, 2014
Messages
2
Reaction score
0
Points
1
Hi,
I have a Mac Mini with Yosemite. I want to host my own web and mail services for my business. I am thinking of establishing another Mac Mini in a DMZ to act as an SMTP relay, possibly also as a web server, and, what do you think, a VPN termination point too?

On my network I would have a Mac Mini running internal mail. In my mind, users' outbound mail would route to the Mac Mini in the DMZ and then be routed out to the destination. Inbound would be received by the DMZ Mac Mini and routed to the internal mail server. This way I don't expose any internal system to the web.

Is this practical with Mac Mail servers, and are there any constraints I may need to understand? Can I, for example, share calendars or address books with mobile devices in this configuration? Or would I need to provide a VPN on my mobile devices that could then 'extend' LAN services to them?

I haven't done much on the Mac to be honest so any advice, config notes, etc would be very welcome and greatly appreciated,
Thanks,
Sam
 
Joined
May 22, 2005
Messages
2,159
Reaction score
67
Points
48
Location
Closer than you think.
Your Mac's Specs
Performa 6116 2GBSCSI 8MB OS 7.5.3
IMHO I've never been a fan of the email services of OS X server. That said I also don't know enough about them to laud or tout them. I just feel that with a core system such as email and web that having those systems hosted makes more sense.
Unless you yourself have access to a data center and pay for your own rack space, then maybe. But at that point you probably know that a Mac Mini is not something you are going to rely on for mail and web anyway.
As for VPN, the VPN service works well but has never been the pillar of security. I would offload this to a network security appliance.

That said, outside of the SMTP relay, everything should work just fine. I have not used OS X server in that fashion but might suggest using a SaaS mail sanitization provider. This would limit your surface area in relation to SMTP.
 
OP
R
Joined
Dec 1, 2014
Messages
2
Reaction score
0
Points
1
Thanks for your thoughts, which I appreciate. I guess my business is small and I would usually build a more robust capability in a DC should I need to. However, I want to enable a smaller footprint this time and retain control of my mail, etc. The function of the DMZ server was really to avoid exposing my internal systems directly to the internet. I felt that I could reduce my attack footprint by only enabling SMTP between the inner and outer Mac Minis and also by just allowing a time, user, and MAC address access to the Mac Mini for when I need to update the website on it or do admin to the mail system.

I just cannot seem to find anyone who can help me configure the Mac Mini to be an outbound mail relay point only for an approved domain.

All help appreciated,
Sam
 
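For the relay question in the post above, an added example (not part of the thread and not any poster's configuration): OS X Server's mail service is built on Postfix, and a `main.cf` along these lines limits the DMZ host to relaying outbound mail only from one approved sender domain and inbound mail only to that domain. The domain `example.com`, the address `192.0.2.10`, the hostname and the `/etc/postfix` paths are placeholders chosen for illustration.

```ini
# --- main.cf on the DMZ relay (constructed values throughout) ---
# example.com = the approved domain; 192.0.2.10 = internal mail server.
myhostname = relay.example.com

# The relay keeps no mailboxes; it only passes mail along.
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled

# Trust only the loopback address. A broad value here, such as
# "mynetworks = 0.0.0.0/0", would turn the host into an open relay.
mynetworks = 127.0.0.0/8

# Inbound: accept mail for the approved domain and hand it to the
# internal server (see the transport table below).
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport

# Outbound: mail from the internal server is relayed only when the
# envelope sender is in the approved domain; anything else is refused.
smtpd_restriction_classes = from_internal
from_internal =
    check_sender_access hash:/etc/postfix/approved_senders,
    reject

# Requires Postfix 2.10 or later; on older versions put the same list
# in smtpd_recipient_restrictions instead.
smtpd_relay_restrictions =
    check_client_access cidr:/etc/postfix/internal_clients,
    reject_unauth_destination

# --- /etc/postfix/internal_clients (cidr table) ---
# 192.0.2.10/32    from_internal

# --- /etc/postfix/approved_senders (hash table, run postmap) ---
# example.com      OK

# --- /etc/postfix/transport (hash table, run postmap) ---
# example.com      smtp:[192.0.2.10]:25
```

After editing, build the two hash tables with `postmap`, then run `postfix check` followed by `postfix reload`.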
Joined
Jun 7, 2013
Messages
65
Reaction score
1
Points
8
Location
Raleigh NC
Your Mac's Specs
mac mini late 2012; mac mini early 2014; old mac mini running centos; new macbook air; iPad;iPhone
You may want to check the configuration of your internet service provider's device at your site, and if you have access to it. You can often use that device to provide the DMZ.
 
