Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SMTP relay in DMZ a bad idea?

Posted on 2006-06-19
6
Medium Priority
?
322 Views
Last Modified: 2008-03-04
Hi we have a web server in our DMZ and someone wants to send mail straight from it out onto the internet. Their suggestion is to enable SMTP on that server and use it that way. My instincts say its not a good idea so I am looking for some guidance as to whether this is ok? We don't have any exchange servers in the dmz but do have lots of 2k3 on this side we could use. Its just whether we can do without having smtp enabled on web box in dmz. Or is there a standard way that people suggest?

Cheers

Charlie
0
Comment
Question by:cmuir
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 16935557
If the box is protected by a firewall then it shouldn't be a problem.
Although what I tend to do is use the ISPs SMTP server.

Simon.
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16936821
Charile,

If its just one user, why not add his/her ip to the SMTP relay tab of the issue box....

This way only that individual would be able to relay...

Raghu
0
 

Author Comment

by:cmuir
ID: 16937051
it is an automated form on a website - not sure that would be possible or best practice would it if the web box was in the DMZ and Exchange was on the local LAN?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 9

Accepted Solution

by:
Exchgen earned 200 total points
ID: 16937256
If IIS is told to give relay permissions to just 1 single IP its safe as per my knowledge...

If you feel you may want to secure it further, add a SMTP level virus scanner and a port 25 traffic analyzer to determine if it is being abused.


Raghu
0
 

Author Comment

by:cmuir
ID: 16939861
so i can do that within IIS then - do you know of any documentation that shows how this can be achieved?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16946877
If you are using Windows 2003, then you have to base it on two articles:

http://support.microsoft.com/default.aspx?kbid=293800
http://support.microsoft.com/default.aspx?kbid=324272

Simon.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question