Dear mailcow users.
Such an exciting project, I am currently in the process of migrating over from zimbra.
GOAL:
I would like to create a setup where my mailcow instance is not exposed to the internet for security reasons. Users will access their mail/calendar/contacts through VPN only.
BACKGROUND:
I would like to keep the attack surface as small as possible. My family will be “forced” to use VPN on their phones to connect to the server.
CURRENT PLAN:
Create 2 complete separate servers running mailcow. One publicly available, responsible to send and receive mails. The other one behind the VPN, responsible to store mail/calendar/contacts.
To achieve this I am thinking of:
- duplicating the user accounts (there are only 5 of them for my family)
- use the externally available instance as a smarthost/relayhost for the one behind the VPN
- use the internal instance to store all the data, users will connect to this instance only
- create “sync jobs” (imapsync) to pull mail from the publicly available server with the option enabled to delete from the source after successful transfer
QUESTION:
Is this the best way to achieve my goal? I have not tried the above but it seems like a workable solution. I would like to find out if you guys have suggestions for other approaches?
Thanks a lot!