Solved

SMTP Server in the DMZ

Posted on 2004-03-25
5
1,808 Views
Last Modified: 2009-12-16
Hi,

I am currently trying to brainstorm for a client of mine how they should move forward with thier mail infrastructure.

The main objective is to provide a more secure environment than at present (1 exchange server which has all SMTP inbound traffic routed from the firewall to it and also holds all mailboxes for internal clients).
I have suggested they setup a DMZ and place an SMTP server there as the first port of call for all inbound mail connections. I have also suggested they implement some form of content filtering/AV/anti-spam at this point also to reduce the amount of unnecessary email entering the internal mail server(s).

What i wanted to post to everyone was the question of how would i best implement a 2 part mail system.
1. DMZ mail server
2. Internal Exchange Server(s)

And which products for the DMZ server have people used in the past.

Thank You.
0
Comment
Question by:adamjchaplin
5 Comments
 
LVL 4

Expert Comment

by:Jivko
ID: 10684883
1.DMZ Mail server - Some mail relay such as Qmail on a linux machine with qmail antivirus filtering and smtproutes to the internal mail server.
2.Internal Exchange server configured to forward SMTP traffic to smart host-DMZ qmail server.

Regards
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10689036
If you want to stay with a Windows based product, I've used Mailsweeper and eSafe both with good results. They both provide SMTP relay, antivirus and SPAM filtering all in one product.

Basically, your internal Exchange setup won't change unless you need to load balance, or the current Exchange box is getting taxed. If you have more specific questions post which versions of Exchange you're running, number of clients, etc., and we'll try to help further.

hth,
kris.
0
 

Accepted Solution

by:
vayoha earned 50 total points
ID: 10695270
For DMZ mail relaying server, i would use either sendmail or qmail since these products are reliable for smtp routing.  Some people also suggest postfix but I personally never use it before.   Sendmail, qmail can easily be configured on linux based system.  It's cheap so you should consider set up redundancy with at least two DMZ mail relaying by adding another MX record for the second smtp server in case the first one goes down.  This also helps for load balancing

It depends on how complicated your e-mail network infrastructure, you can even set up the similar mailhub inside your firewall.  In my environment, we have a huge mixed e-mail infrastructure with exchange, openexchange, sendmail with POP and IMAP, and Netscape Messanging server.  So, i set up a pair of mailhub using sendmail.  All internal mail are relaying through these mailhubs with the alias file pointing the recipient to the right destination e-mail servers.  All outgoing mail will be forwarding out directly.  

Incoming Mail:  Internet --> DMZ smtp server --> Internal smtp mail hub --> mail server
Outgoing Mail:  mail server --> internal smtp mail hub ---> internet

hope this will help.
vayoha
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now