Securing Zimbra in a DMZ
We are a small company that supports 7 outlying locations connected via T1 back to a central hub.
Our current email system (Lotus Notes/Domino) has a server at each outlying location, a hub server and a server in the DMZ that serves webmail for users out of the office.
Using the replication system built into lotus we are able to have users mail boxes (.nsf files for the Lotus savy) on 3 servers at once. This provides a backup without tape drives at the remote locations (on the hub server) and a secure copy on the remote server should the copy of the mail box on the DMZ server become compromised.
Is there a way to accomplish something similar (I'm not looking to have the system be the same necessarily) with Zimbra?
For the DMZ side I'm thinking some sort of reverse proxy that backhauls the HTTP traffic over the WAN links to the remote location. This however will require some heavy rewrite rules since each remote location has their own domain name.
For the backup solution so that we won't have to maintain tapes at the remote the best I can see is doing some sort of NFS/RSYNC of the backup folder that you have the Zimbra backup system pointed at. Not sure how effective or bandwidth intensive that would be.