Exposing exchange server to Internet
Posted on 2009-07-15
Hi All, I am facing a bit of technical dilemma.
Until recently we had our Exchange servers (2003) communicating to the outside world via email gateway appliances sitting in the DMZ (The usual antivirus/antispam gateways of the likes of TrendMicro's IMSS, barracudas and Ironports).
Now we have decided to outsource the email gateway services of antispam and antivirus, to the like's of Messagelabs, Postini or Mimecast.
The concern is, do I still maintain the appliances to act as the frontend or I let the messagelabs directly send the mail to my exchange servers sitting on my internal network? I do have Cisco's ASA 5520 firewall at the perimeter though which I can utilise but is there some standard for such a design?
[Internal LAN] [Firewall / DMZ] [Internet Cloud]
Exchange Servers -> Cisco ASA 5520 -> Cisco Router 2800 -> Messagelabs/mimcast (Highest MX)