  • Connect publicly accessible instance to instance behind VPN

Dear mailcow users.

Such an exciting project! I am currently in the process of migrating over from Zimbra.

GOAL:
I would like to create a setup where my mailcow instance is not exposed to the internet for security reasons. Users will access their mail/calendar/contacts through VPN only.

BACKGROUND:
I would like to keep the attack surface as small as possible. My family will be “forced” to use VPN on their phones to connect to the server.

CURRENT PLAN:
Create 2 completely separate servers running mailcow. One publicly available, responsible for sending and receiving mail. The other one behind the VPN, responsible for storing mail/calendar/contacts.
To achieve this I am thinking of:

  • duplicating the user accounts (there are only 5 of them for my family)
  • using the externally available instance as a smarthost/relayhost for the one behind the VPN
  • using the internal instance to store all the data; users will connect to this instance only
  • creating “sync jobs” (imapsync) to pull mail from the publicly available server, with the option enabled to delete from the source after successful transfer

QUESTION:
Is this the best way to achieve my goal? I have not tried the above but it seems like a workable solution. I would like to find out if you guys have suggestions for other approaches?

Thanks a lot!
