Solved

SMTP Server in the DMZ

Posted on 2004-03-25
Last Modified: 2009-12-16
Hi,

I am currently trying to brainstorm for a client of mine how they should move forward with their mail infrastructure.

The main objective is to provide a more secure environment than at present (1 Exchange server which has all SMTP inbound traffic routed from the firewall to it and also holds all mailboxes for internal clients).
I have suggested they set up a DMZ and place an SMTP server there as the first port of call for all inbound mail connections. I have also suggested they implement some form of content filtering/AV/anti-spam at this point also to reduce the amount of unnecessary email entering the internal mail server(s).

What I wanted to post to everyone was the question of how I would best implement a 2-part mail system.
1. DMZ mail server
2. Internal Exchange Server(s)

And which products for the DMZ server have people used in the past?

Thank You.
Question by:adamjchaplin
3 Comments
 
LVL 4

Expert Comment

by:Jivko
ID: 10684883
1. DMZ mail server - Some mail relay such as qmail on a Linux machine with qmail antivirus filtering and smtproutes to the internal mail server.
2. Internal Exchange server configured to forward SMTP traffic to smart host - DMZ qmail server.

Regards
 
LVL 22

Expert Comment

by:kristinaw
ID: 10689036
If you want to stay with a Windows-based product, I've used Mailsweeper and eSafe both with good results. They both provide SMTP relay, antivirus and spam filtering all in one product.

Basically, your internal Exchange setup won't change unless you need to load balance, or the current Exchange box is getting taxed. If you have more specific questions post which versions of Exchange you're running, number of clients, etc., and we'll try to help further.

hth,
kris.
 

Accepted Solution

by:
vayoha earned 200 total points
ID: 10695270
For a DMZ mail relaying server, I would use either sendmail or qmail since these products are reliable for SMTP routing. Some people also suggest postfix but I personally have never used it before. Sendmail and qmail can easily be configured on a Linux-based system. It's cheap, so you should consider setting up redundancy with at least two DMZ mail relays by adding another MX record for the second SMTP server in case the first one goes down. This also helps with load balancing.

Depending on how complicated your e-mail network infrastructure is, you can even set up a similar mailhub inside your firewall. In my environment, we have a huge mixed e-mail infrastructure with Exchange, OpenExchange, sendmail with POP and IMAP, and Netscape Messaging Server. So, I set up a pair of mailhubs using sendmail. All internal mail is relayed through these mailhubs with the alias file pointing the recipient to the right destination e-mail servers. All outgoing mail will be forwarded out directly.

Incoming Mail:  Internet --> DMZ smtp server --> Internal smtp mail hub --> mail server
Outgoing Mail:  mail server --> internal smtp mail hub ---> internet

hope this will help.
vayoha
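
An added example, not code from any poster in this thread: a Python audit of the qmail control files for the DMZ relay layout discussed above (smtproutes pointing at the internal server, with Exchange using the relay as its smart host). The domains, addresses and function names are constructed for illustration; `rcpthosts` is qmail's standard recipient-domain control file and is not named in the thread.

```python
# Added example: audit qmail control files for a DMZ inbound relay.
# All domains and addresses are constructed sample values.

def parse_routes(text):
    """Parse smtproutes lines of the form domain:relay[:port]."""
    routes = {}
    for line in text.splitlines():
        if line.strip():
            domain, _, rest = line.strip().partition(":")
            routes[domain.lower()] = rest.split(":")[0]
    return routes

def find_route(domain, routes):
    """Exact match, then '.suffix' wildcards, then the empty catch-all key."""
    if domain in routes:
        return routes[domain]
    parts = domain.split(".")
    for i in range(1, len(parts)):
        key = "." + ".".join(parts[i:])
        if key in routes:
            return routes[key]
    return routes.get("")

def audit_relay(rcpthosts, smtproutes, internal_hosts):
    """Return findings; pass rcpthosts=None when the file does not exist."""
    findings, routes, accepted = [], parse_routes(smtproutes), []
    if rcpthosts is None:
        findings.append("rcpthosts missing: any recipient domain is accepted (open relay)")
    else:
        accepted = [d.strip().lower() for d in rcpthosts.splitlines() if d.strip()]
    for domain in accepted:
        relay = find_route(domain, routes)
        if relay is None:
            findings.append(f"{domain}: no smtproutes entry, delivery falls back to DNS MX")
        elif relay not in internal_hosts:
            findings.append(f"{domain}: routed to unexpected host {relay}")
    if "" in routes:
        # The relay is also Exchange's outbound smart host in this layout.
        findings.append(f"catch-all route: Internet-bound mail is sent to {routes['']}")
    return findings

RCPTHOSTS = "example.com\n.example.com\n"                      # constructed
SMTPROUTES = "example.com:10.0.0.25\n.example.com:10.0.0.25\n"  # constructed
INTERNAL = {"10.0.0.25"}                                       # internal Exchange server

if __name__ == "__main__":
    print(audit_relay(RCPTHOSTS, SMTPROUTES, INTERNAL))    # clean layout
    print(audit_relay(None, ":10.0.0.25\n", INTERNAL))     # two findings
```

On a real relay the two strings would be read from the files under qmail's `control` directory.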