• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2072
  • Last Modified:

SMTP Server in the DMZ

Hi,

I am currently trying to brainstorm for a client of mine how they should move forward with thier mail infrastructure.

The main objective is to provide a more secure environment than at present (1 exchange server which has all SMTP inbound traffic routed from the firewall to it and also holds all mailboxes for internal clients).
I have suggested they setup a DMZ and place an SMTP server there as the first port of call for all inbound mail connections. I have also suggested they implement some form of content filtering/AV/anti-spam at this point also to reduce the amount of unnecessary email entering the internal mail server(s).

What i wanted to post to everyone was the question of how would i best implement a 2 part mail system.
1. DMZ mail server
2. Internal Exchange Server(s)

And which products for the DMZ server have people used in the past.

Thank You.
0
adamjchaplin
Asked:
adamjchaplin
1 Solution
 
JivkoCommented:
1.DMZ Mail server - Some mail relay such as Qmail on a linux machine with qmail antivirus filtering and smtproutes to the internal mail server.
2.Internal Exchange server configured to forward SMTP traffic to smart host-DMZ qmail server.

Regards
0
 
kristinawCommented:
If you want to stay with a Windows based product, I've used Mailsweeper and eSafe both with good results. They both provide SMTP relay, antivirus and SPAM filtering all in one product.

Basically, your internal Exchange setup won't change unless you need to load balance, or the current Exchange box is getting taxed. If you have more specific questions post which versions of Exchange you're running, number of clients, etc., and we'll try to help further.

hth,
kris.
0
 
vayohaCommented:
For DMZ mail relaying server, i would use either sendmail or qmail since these products are reliable for smtp routing.  Some people also suggest postfix but I personally never use it before.   Sendmail, qmail can easily be configured on linux based system.  It's cheap so you should consider set up redundancy with at least two DMZ mail relaying by adding another MX record for the second smtp server in case the first one goes down.  This also helps for load balancing

It depends on how complicated your e-mail network infrastructure, you can even set up the similar mailhub inside your firewall.  In my environment, we have a huge mixed e-mail infrastructure with exchange, openexchange, sendmail with POP and IMAP, and Netscape Messanging server.  So, i set up a pair of mailhub using sendmail.  All internal mail are relaying through these mailhubs with the alias file pointing the recipient to the right destination e-mail servers.  All outgoing mail will be forwarding out directly.  

Incoming Mail:  Internet --> DMZ smtp server --> Internal smtp mail hub --> mail server
Outgoing Mail:  mail server --> internal smtp mail hub ---> internet

hope this will help.
vayoha
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now