What are some tips for using POP3 accounts in a DMZ with MailMarshal?


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • What are some tips for using POP3 accounts in a DMZ with MailMarshal?

Information:

 If you plan to use POP3 with MailMarshal in a DMZ, consider the following:

  • The MailMarshal POP3 service is a basic implementation. It is not designed to scale for larger organizations or be used in installations with more than one MailMarshal email processing server.  Most DMZ installations have multiple servers.
  • MailMarshal validates POP3 accounts directly from the email processing server. If you use Windows accounts, they must be accounts that all email processing servers can validate.
  • If the email processing servers are installed in a DMZ, typically you cannot use Windows accounts based in your trusted network. You must use MailMarshal accounts, or Windows accounts based in the DMZ.  This restriction applies to accounts used for POP3 delivery, and also to accounts used for relaying authentication.
  • You can use specially assigned MailMarshal accounts and passwords in this situation. MailMarshal passwords are passed securely. A best practice is to assign strong passwords and change the passwords periodically.
  • You can use a single account for relaying authentication, since most email clients allow you to specify separate credentials for receiving and sending.

Note:

Please also reference the information about accounts and POP3 in the MailMarshal User Guide, available in the support section of this site.

 

This article was previously published as:
NETIQKB40663

Last Modified 3/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10816.aspx