Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SMTP Server in the DMZ

Posted on 2004-03-25
5
1,825 Views
Last Modified: 2009-12-16
Hi,

I am currently trying to brainstorm for a client of mine how they should move forward with thier mail infrastructure.

The main objective is to provide a more secure environment than at present (1 exchange server which has all SMTP inbound traffic routed from the firewall to it and also holds all mailboxes for internal clients).
I have suggested they setup a DMZ and place an SMTP server there as the first port of call for all inbound mail connections. I have also suggested they implement some form of content filtering/AV/anti-spam at this point also to reduce the amount of unnecessary email entering the internal mail server(s).

What i wanted to post to everyone was the question of how would i best implement a 2 part mail system.
1. DMZ mail server
2. Internal Exchange Server(s)

And which products for the DMZ server have people used in the past.

Thank You.
0
Comment
Question by:adamjchaplin
5 Comments
 
LVL 4

Expert Comment

by:Jivko
ID: 10684883
1.DMZ Mail server - Some mail relay such as Qmail on a linux machine with qmail antivirus filtering and smtproutes to the internal mail server.
2.Internal Exchange server configured to forward SMTP traffic to smart host-DMZ qmail server.

Regards
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10689036
If you want to stay with a Windows based product, I've used Mailsweeper and eSafe both with good results. They both provide SMTP relay, antivirus and SPAM filtering all in one product.

Basically, your internal Exchange setup won't change unless you need to load balance, or the current Exchange box is getting taxed. If you have more specific questions post which versions of Exchange you're running, number of clients, etc., and we'll try to help further.

hth,
kris.
0
 

Accepted Solution

by:
vayoha earned 50 total points
ID: 10695270
For DMZ mail relaying server, i would use either sendmail or qmail since these products are reliable for smtp routing.  Some people also suggest postfix but I personally never use it before.   Sendmail, qmail can easily be configured on linux based system.  It's cheap so you should consider set up redundancy with at least two DMZ mail relaying by adding another MX record for the second smtp server in case the first one goes down.  This also helps for load balancing

It depends on how complicated your e-mail network infrastructure, you can even set up the similar mailhub inside your firewall.  In my environment, we have a huge mixed e-mail infrastructure with exchange, openexchange, sendmail with POP and IMAP, and Netscape Messanging server.  So, i set up a pair of mailhub using sendmail.  All internal mail are relaying through these mailhubs with the alias file pointing the recipient to the right destination e-mail servers.  All outgoing mail will be forwarding out directly.  

Incoming Mail:  Internet --> DMZ smtp server --> Internal smtp mail hub --> mail server
Outgoing Mail:  mail server --> internal smtp mail hub ---> internet

hope this will help.
vayoha
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question