Re: Where do I put Exchange Server?

From: Kenny Wu (kenny.penghu_at_msa.hinet.net.NO-SPAM)
Date: 05/11/04


Date: Tue, 11 May 2004 23:27:59 +0800

Hi,

If you put the mail server in DMZ,
you have to open many ports to allow AD query, client access mail server,
netbios sessions, name resolutions etc,
so, you have to do many thing when you put it in DMZ, and it's not good if
your firewall open many ports.

-- 
==============
Kenny Wu
Taiwan
MCSE, MCSA
==============
"Sam" <sam@iQinternet.com> 撰寫於郵件新聞
:O9GQYYvNEHA.2820@TK2MSFTNGP10.phx.gbl...
> Hi Kenny,
>
> Thanks for the response. Why not put it in the DMZ?
>
> Sam
>
> "Kenny Wu" <kenny.penghu@msa.hinet.net.NO-SPAM> wrote in message
> news:u4F7OinNEHA.3420@TK2MSFTNGP11.phx.gbl...
> > Hi,
> >
> > My suggestion is put the mail server behind the ISA server,
> > and use secure mail function to publish your mail server.
> >
> > -- 
> > ==============
> > Kenny Wu
> > Taiwan
> > MCSE, MCSA
> > ==============
> > "Sam" <sam@iQinternet.com> 撰寫於郵件新聞
> > :ePY##TeNEHA.2884@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > Where should I put our Exchange Server, on the Internal network or the
> > DMZ?
> > > Thanks.
> > >
> > > Sam
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: Firewall and DMZ topology
    ... If the MAIL server is in the DMZ. ... >able to sniff all the traffic on the internal side of the firewall, ... >>The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
    (Security-Basics)
  • RE: Email server+network architecture
    ... There doesn't have to be ONE DMZ. ... "internal" mail server. ... Communications with 'customer data' are not permitted ... permit smtp/POP3 to all users outside, and this does not meet the 'no ...
    (Security-Basics)
  • Re: Firewall and DMZ topology
    ... Tha basic idea is that the firewall will ... So the LAN will be isolated ... from the DMZ ... ... > If the MAIL server is in the DMZ. ...
    (Security-Basics)
  • Re: Mail server security - best practices?
    ... The mail server in the DMZ does not need to have access to port 25 on ... As a stateful firewall, pf can be ... Is it because email is "quantified" when moved to the internal network? ...
    (comp.unix.bsd.openbsd.misc)
  • Re: Mail server security - best practices?
    ... the one machine behind the firewall. ... The mail server in the DMZ does not need to have access to port 25 on ... configured to not allow connections from the bastion host in the DMZ ...
    (comp.unix.bsd.openbsd.misc)