My understanding of classic firewall arrangement is DMZ area should hold computers with open ports to the internet like Web server, Email server etc. A client of mine contracted to a 3rd party to install Exchange 2000, and 3rd party is installing the server inside private network and asking me to open port 25 to internet. Is this a standard thing to do with exchanged or should exchange server be on DMZ and AD push replication from DC be set up? Microsoft link describes opening several ports from DMZ to private network, also a bad thing, I thought:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q280/1/32.ASP&NoWebContent=1
I do networks w/ AD, firewalls, IIS, WANs, etc, but not exchange so any thoughts are greatly appreciated. Thanks.