DNS And MX through Nat Router

By azizhakim
Good Morning,
I have been assigned a single static IP address from my ISP. I have my domain name registered with the same ISP. The external IP address is my public address on my NAT router. Internal addresses are private. I have an Active Directory domain xxx.Local. I have an Exchange 2000 for mail. Currently my mail server is set up for topgun.net SMTP address. That I can change to my registered domain.
QUESTION.
Although my internal domain is .Local, I would like to know how I can set up to receive mail for registered domain. Here is my thought as to how I would accomplish this.
1) Notify my ISP to register my registered domain to the IP address of my public address on my NAT router.
2) Notify my ISP to register MX record to registered domain to point to public address on my router.
3) On my router, filter my router to redirect port 25 and 110 to internal IP address of my Exchange server.
WILL THIS CONFIGURATION WORK TO ACCOMPLISH WHAT I INTEND TO DO?
Any thoughts are welcome, or any other options I can consider.
Thanx
Aziz


by CG IT In reply to DNS And MX through Nat Ro ...

yep.

question though, why have port 110 open if you're using SMTP for mail?

by CG IT In reply to

well Sgt Shultz kinda said it all. If you're using SMTP for mail on Exchange, then having POP3 mail port 110 open leaves the mail server vulnerable to attack. The fewer ports open to the public, the better protected you are.

by azizhakim In reply to DNS And MX through Nat Ro ...

For POP mail. Any comments on that?

by sgt_shultz In reply to DNS And MX through Nat Ro ...

he knows it's pop3 dear. you maybe don't need it open.
we want you to stay as 'closed up' as you can because your mail server is gonna be public.
you have a firewall on the mail server? (nervous cough.)
consider 'hiding' your mail server behind mail proxy. put mail proxy in dmz (public - that is where you are proposing to put mail server). mail proxy in dmz has 2 nics, talks to private mail server on different subnet (and maybe even uses protocol other than tcp/ip and maybe even runs on different (hardened) OS). mail server talks to lan. different subnet. nothing on private lan directly connected to internet. proxy box also place to put (more) anti-spam and anti-virus...
security-harden your OS's per www.cert.org, and support.microsoft.com
ditto Exchange...
make list of what has to happen across router and how (what ports, what protocol, what direction, from whom, to whom?)
like ftp, telnet, pcanywhere, replication, instant messaging, streaming video....what else what else...
make a table for above and fill in everything you know then go after the blank spaces. then you see what you have to have open. then, go after and set up best practices for defending what has to be exposed. if you have been telling them 'cheap' stop that for now...or start learning linux and putting in more ot. (rdl)
if you have not been cultivating good rapport with ISP, cut that out also...
maybe these keywords can help you start:
Postfix
SpamAssassin
dns proxy
http proxy
all this also compile list of best security practices like using strong passwords and changing them often, physical server security, logging off. not having administrator account used as daily working account. having login schedule. etc.
domino mail server used to come out of box prone to advertising all its goodies on the web. don't know about exchange but you may need to harden it with configuration changes (like forbidding relaying) right away.

by ChrisDent In reply to DNS And MX through Nat Ro ...

Basically, yes it should work. But for a little more detail...

1. Bit unclear as to why you would do that (or what you mean by that) unless you have other services you're running on there.

The records you'll need in DNS are as follows (as an example):

mail.mydomain.com. in A xxx.xxx.xxx.xxx ; public IP address

That tells it where the mail server you'll use in the MX record is.

2. Then the MX record itself...

mydomain.com. in MX 10 mail.mydomain.com.

If you wanted a backup mail delivery server you would also add something like:

mydomain.com. in MX 20 mail2.mydomain.com.

3. As mentioned above... 110 is unnecessary unless you want people to be able to pick up POP mail externally.

25 is going to be the most heavily used and of course the most important.

An obvious thing... but I would of course recommend testing mail delivery from an external source to the server before making it live.

Make very sure that your server isn't an open relay (it isn't by default on Exchange 2000) and I highly recommend you enforce some kind of password policy if you're allowing relaying by authenticated users (default setting for Exchange 2000).
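
The A and MX records described in the post above can be checked before they go live. The following is an added example, not part of the original post: it parses records written in that style and reports MX targets that have no A record or that point at a private address behind the NAT router. The zone contents, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone in the record style used in the post above.
# 203.0.113.10 (a documentation address) stands in for the router's public IP.
SAMPLE_ZONE = """\
mail.mydomain.com.   in A   203.0.113.10   ; public address on the NAT router
mail2.mydomain.com.  in A   192.168.1.20   ; mistake: internal Exchange address
mydomain.com.        in MX  10 mail.mydomain.com.
mydomain.com.        in MX  20 mail2.mydomain.com.
mydomain.com.        in MX  30 mail3.mydomain.com.
"""

# Private ranges that are unreachable from outside the NAT router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return ({name: [addresses]}, [(domain, preference, target)])."""
    a_records, mx_records = {}, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip trailing comment
        if len(fields) < 4 or fields[1].lower() != "in":
            continue
        name, rtype = fields[0].lower(), fields[2].upper()
        if rtype == "A":
            a_records.setdefault(name, []).append(fields[3])
        elif rtype == "MX" and len(fields) >= 5:
            mx_records.append((name, int(fields[3]), fields[4].lower()))
    return a_records, mx_records

def audit_mx(text):
    """Return a list of problems that would break inbound delivery."""
    a_records, mx_records = parse_zone(text)
    problems = [] if mx_records else ["no MX record found"]
    for _domain, pref, target in sorted(mx_records, key=lambda r: r[1]):
        addrs = a_records.get(target)
        if not addrs:
            problems.append(f"MX {pref} {target} has no A record in this zone")
            continue
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback or any(ip in net for net in RFC1918):
                problems.append(f"MX {pref} {target} -> {addr} is a private address")
    return problems

if __name__ == "__main__":
    for line in audit_mx(SAMPLE_ZONE):
        print("PROBLEM:", line)
```

An MX target hosted in someone else's zone (an ISP backup server, for instance) is reported as having no A record here and has to be confirmed with that zone's owner.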
