Solved

SMTP Server in the DMZ

Posted on 2004-03-25
5
1,811 Views
Last Modified: 2009-12-16
Hi,

I am currently trying to brainstorm for a client of mine how they should move forward with thier mail infrastructure.

The main objective is to provide a more secure environment than at present (1 exchange server which has all SMTP inbound traffic routed from the firewall to it and also holds all mailboxes for internal clients).
I have suggested they setup a DMZ and place an SMTP server there as the first port of call for all inbound mail connections. I have also suggested they implement some form of content filtering/AV/anti-spam at this point also to reduce the amount of unnecessary email entering the internal mail server(s).

What i wanted to post to everyone was the question of how would i best implement a 2 part mail system.
1. DMZ mail server
2. Internal Exchange Server(s)

And which products for the DMZ server have people used in the past.

Thank You.
0
Comment
Question by:adamjchaplin
5 Comments
 
LVL 4

Expert Comment

by:Jivko
ID: 10684883
1.DMZ Mail server - Some mail relay such as Qmail on a linux machine with qmail antivirus filtering and smtproutes to the internal mail server.
2.Internal Exchange server configured to forward SMTP traffic to smart host-DMZ qmail server.

Regards
0
 
LVL 22

Expert Comment

by:kristinaw
ID: 10689036
If you want to stay with a Windows based product, I've used Mailsweeper and eSafe both with good results. They both provide SMTP relay, antivirus and SPAM filtering all in one product.

Basically, your internal Exchange setup won't change unless you need to load balance, or the current Exchange box is getting taxed. If you have more specific questions post which versions of Exchange you're running, number of clients, etc., and we'll try to help further.

hth,
kris.
0
 

Accepted Solution

by:
vayoha earned 50 total points
ID: 10695270
For DMZ mail relaying server, i would use either sendmail or qmail since these products are reliable for smtp routing.  Some people also suggest postfix but I personally never use it before.   Sendmail, qmail can easily be configured on linux based system.  It's cheap so you should consider set up redundancy with at least two DMZ mail relaying by adding another MX record for the second smtp server in case the first one goes down.  This also helps for load balancing

It depends on how complicated your e-mail network infrastructure, you can even set up the similar mailhub inside your firewall.  In my environment, we have a huge mixed e-mail infrastructure with exchange, openexchange, sendmail with POP and IMAP, and Netscape Messanging server.  So, i set up a pair of mailhub using sendmail.  All internal mail are relaying through these mailhubs with the alias file pointing the recipient to the right destination e-mail servers.  All outgoing mail will be forwarding out directly.  

Incoming Mail:  Internet --> DMZ smtp server --> Internal smtp mail hub --> mail server
Outgoing Mail:  mail server --> internal smtp mail hub ---> internet

hope this will help.
vayoha
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now