Dear mailcow users.
Such an exciting project! I am currently in the process of migrating over from Zimbra.
I would like to create a setup where my mailcow instance is not exposed to the internet for security reasons. Users will access their mail/calendar/contacts through VPN only.
I would like to keep the attack surface as small as possible. My family will be “forced” to use VPN on their phones to connect to the server.
Create 2 completely separate servers running mailcow. One publicly available, responsible for sending and receiving mail. The other one behind the VPN, responsible for storing mail/calendar/contacts.
To achieve this I am thinking of:
- duplicating the user accounts (there are only 5 of them for my family)
- using the externally available instance as a smarthost/relayhost for the one behind the VPN
- using the internal instance to store all the data; users will connect to this instance only
- creating “sync jobs” (imapsync) to pull mail from the publicly available server with the option enabled to delete from the source after successful transfer
Is this the best way to achieve my goal? I have not tried the above but it seems like a workable solution. I would like to find out if you guys have suggestions for other approaches?
Thanks a lot!