• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 326
  • Last Modified:

SMTP relay in DMZ a bad idea?

Hi we have a web server in our DMZ and someone wants to send mail straight from it out onto the internet. Their suggestion is to enable SMTP on that server and use it that way. My instincts say its not a good idea so I am looking for some guidance as to whether this is ok? We don't have any exchange servers in the dmz but do have lots of 2k3 on this side we could use. Its just whether we can do without having smtp enabled on web box in dmz. Or is there a standard way that people suggest?

Cheers

Charlie
0
cmuir
Asked:
cmuir
  • 2
  • 2
  • 2
1 Solution
 
SembeeCommented:
If the box is protected by a firewall then it shouldn't be a problem.
Although what I tend to do is use the ISPs SMTP server.

Simon.
0
 
ExchgenCommented:
Charile,

If its just one user, why not add his/her ip to the SMTP relay tab of the issue box....

This way only that individual would be able to relay...

Raghu
0
 
cmuirAuthor Commented:
it is an automated form on a website - not sure that would be possible or best practice would it if the web box was in the DMZ and Exchange was on the local LAN?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
ExchgenCommented:
If IIS is told to give relay permissions to just 1 single IP its safe as per my knowledge...

If you feel you may want to secure it further, add a SMTP level virus scanner and a port 25 traffic analyzer to determine if it is being abused.


Raghu
0
 
cmuirAuthor Commented:
so i can do that within IIS then - do you know of any documentation that shows how this can be achieved?
0
 
SembeeCommented:
If you are using Windows 2003, then you have to base it on two articles:

http://support.microsoft.com/default.aspx?kbid=293800
http://support.microsoft.com/default.aspx?kbid=324272

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now