Note: Two messages are quoted below for reference.

While you could make this work, it is far outside best practices
from an Exchange perspective.  However, even if this did work, I don't
think it will go very far in making Exchange any more secure.  A proper
way to achieve this would be to build an Outlook Web Access (OWA)
frontend system and place it in your DMZ and only open the ports it
requires to talk to the backend. You would keep the Exchange server
itself on your internal network.  

Also while you are at it you might want to consider moving to a more
recent version of Exchange, as 5.5 is somewhat of a relic these days.

In reference to what Charles said with putting an SMTP smart host in the
DMZ, this is a very good idea.  I have something similar configured
using Qmail-LDAP so that it can interface with Active Directory to check
validity of email addresses before accepting them and it works
exceptionally well.

R.

-----Original Message-----
From: Doug Sampson [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 06, 2006 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] DMZ --> LAN?

It is both an Exchange 5.5 box and an OWA- all in one box. I've opened a
hole on the external interface to allow webmail connections for webmail
users. I am not comfortable with allowing connections into the LAN- thus
the reason why I want to move it to the DMZ.

When I boot up in the DMZ, it complains of not finding a domain
controller. It is a member of our domain but is not a domain controller.

HTH.

~D

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charles
Steinkuehler
Sent: Friday, January 06, 2006 3:23 PM
To: Doug Sampson
Cc: [email protected]
Subject: Re: [leaf-user] DMZ --> LAN?

Unless someone with exchange experience chimes in (I've stayed as far
away from exchange as I can), you'll probably need to ask your question
on a more MS centric list and/or search google/MSDN for information on
putting a firewall between your exchange server and clients.

NOTE:  If you're moving the exchange box to the DMZ mainly because of
concerns that it might get hacked, an alternative would be to install
an SMTP server in the DMZ that simply forwards mail to the exchange box
sitting on the internal LAN, shielding it from the 'raw' internet in the
process.



leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
