General discussion


Exchange DMZ dilemma

By Amariniello ·
A system that I am setting up has a DMZ and they want to use Exchange 2K functionality and have their own mail server. A colleague has suggested, locating the Exchange server in the DMZ and allowing the clients to access the server through the Internal firewall. The Domain controller (All 2K) is located on the internal network and I would like all accounts to be centrally administered. I also want no connections initiated from the DMZ into the internal network.
If I use a front end / back end server situation I will need to punch a few holes though the firewall.
Can I use a Linux server running send mail/qmail/whatever to pickup the mail and the internal exchange server to retrieve it? Thus elimination the need to open up a hole from the DMZ to the internal network?
Does an anyone have any ideas or suggestions???

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Exchange DMZ dilemma

by thomas.nilsen In reply to Exchange DMZ dilemma

I would recommend using 1 of these options:

1. Install a Linux box running sendmail/postfix/qmail on DMZ and open up TCP port 25 from DMZ to the internal Exchange server. You won't get it more secure than this. This will also give you the option of using spamfilters etc on the SMTP daemon.

2. Install a Linux/Windows box with a third party SMTP anti-virus gateway - like Trend InterScan.

I would never place a full Exchange server on DMZ. There's to many ports that needs to be open. Place only the SMTP gateway on DMZ, while the mail server stays on the internal LAN.

Back to Security Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums