We currently have all our email stored on a Dovecot IMAP server in our internal network. Client machines on the network are able to connect and access their email.
Now we want to allow certain users to be able to connect in and view their email from the outside using IMAP. We currently have a firewall/router with a dedicated (unused) DMZ port. The way I see it we have two options:
- Set up port forwarding on the router to forward any IMAP requests on ports 585 or 993 to the server; the server can then validate the user.
- Attach a reverse proxy IMAP server to the DMZ of the router; this in turn can forward the IMAP requests to the server on the internal network (with the possible option of validating the user-name before doing so).
Does anyone have any suggestions/comments on the merits of either approach?
I'm finding it difficult to think of any real advantages to having an extra reverse-proxy in the DMZ of a three-legged firewall, since it's pretty much just going to effectively be doing port forwarding anyway. ...Or am I missing something?
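The user-name validation mentioned in the second option, sketched as an added example that is not part of the original post: a pre-authentication gate a DMZ proxy could apply to the first IMAP command before opening any connection to the internal server. The allow-list contents and the names `EXTERNAL_USERS` and `gate` are assumptions made for illustration.

```python
import re

# Hypothetical allow-list: the "certain users" permitted to connect from outside.
EXTERNAL_USERS = {"alice", "bob@example.com"}

# LOGIN arguments as an atom or a quoted string (RFC 3501 astring, without literals).
_ATOM = r'[^\s(){%*"\\\x00-\x1f\x7f]+'
_QUOTED = r'"(?:[^"\\\r\n]|\\["\\])*"'
_LOGIN = re.compile(
    rf'(?P<tag>[^\s+(){{%*"\\]+) LOGIN (?P<user>{_ATOM}|{_QUOTED}) '
    rf'(?P<pw>{_ATOM}|{_QUOTED})(?:\r\n)?',
    re.IGNORECASE,
)

BAD = b"* BAD Unsupported pre-authentication command.\r\n"


def _unquote(value):
    """Strip the quotes and backslash escapes from an IMAP quoted string."""
    if value.startswith('"'):
        return re.sub(r'\\(["\\])', r"\1", value[1:-1])
    return value


def gate(line, allowed=EXTERNAL_USERS):
    """Decide what the proxy does with one client command line.

    Returns ("forward", user) when the command may be relayed to the internal
    server, which still checks the password, or ("reject", response_bytes).
    """
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return ("reject", BAD)
    match = _LOGIN.fullmatch(text)
    if match is None:
        # Fail closed: AUTHENTICATE, literals and malformed input never
        # reach the internal network in this sketch.
        return ("reject", BAD)
    user = _unquote(match["user"])
    if user not in allowed:
        # Generic failure text: the reply does not say the account is off the list.
        reply = f'{match["tag"]} NO [AUTHENTICATIONFAILED] Authentication failed.\r\n'
        return ("reject", reply.encode("ascii"))
    return ("forward", user)
```

With plain port forwarding every command, including login attempts for accounts that should never be reachable externally, is parsed by the internal server itself; a gate like this is the part a DMZ proxy adds on top of forwarding.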