Re: Smart host or not?

From: David Hodgson (david.hodgson_at_vianet.co.uk)
Date: 06/09/04


Date: Wed, 9 Jun 2004 15:58:12 +0100

The only ports I'm opening up are the following:

Any traffic from 192.168.10.12 (internal IP of FE) (external IP is NAT'd) is
allowed to talk to 192.168.0.10 (BE).

Since I'm using internal IPs I assumed that spoofing could not happen and
also it would be very secure.

Am I wrong?

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uoYZowiTEHA.3476@tk2msftngp13.phx.gbl...
> David Hodgson wrote:
> > Thank you Paul,
> >
> > I realise it's not the most secure method but my company will not pay
> > for an ISA license
>
> So put it inside your firewall, carefully lock down access to it in the
> firewall, secure the FE server as best you can, etc.
> You've had to open up a lot of ports between DMZ and LAN and that
> effectively renders your DMZ not a DMZ anymore.
> >
> > cheers
> > Dave
> >
> >
> > "Paul Ford [MSFT]" <paulford@online.microsoft.com> wrote in message
> > news:OxZgLuhTEHA.504@TK2MSFTNGP11.phx.gbl...
> >> Messages will not be lost if the connection between front-end and
> >> back-end goes down. Exchange will realise the connection is down and
> >> queue mail to the front-end (if another route does not exist). It
> >> will then continue to try and connect to the front-end server and
> >> then send the messages when it has successfully connected.
> >>
> >> By the way, placing a FE in a DMZ is not the most secure way to
> >> deploy Exchange due to the Front-End having to be part of the domain and
> >> also due to the amount of ports that need to be open at the firewall
> >> to accommodate a Front-End in the DMZ.
> >>
> >> Paul
> >> --
> >> This posting is provided "AS IS" with no warranties, and confers no
> >> rights.
> >>
> >>
> >> "David Hodgson" <david.hodgson@vianet.co.uk> wrote in message
> >> news:ca6rqs$4sr$1$8302bc10@news.demon.co.uk...
> >>> I have
> >>>
> >>> FE - Firewall - BE
> >>>
> >>> Ignore Firewall config
> >>>
> >>> I have added...
> >>> MX record for FE and BE on Internal DNS
> >>> MX record for FE on External DNS
> >>>
> >>> I have configured BE to use FE as "Smart Host"
> >>>
> >>> FE and BE are in the same "Routing Group"
> >>>
> >>> Is this all I need to do?
> >>> If FE goes down and my users send an email will it be lost because
> >>> I'm using a smart host?
> >>> or will having both servers in the same Routing Group keep the
> >>> messages from being deleted until FE is back up?
> >>>
> >>> thank you
> >>> Dave
>
>


