I would go with option 3 - send and receive directly from your trusted
external partner, message labs.  The only benefit to having a DMZ based
relay is that you don't have to open tcp25 to/from your trusted network to
the outside vendor.  Not sure there is enough of a risk there to warrant a
DMZ approach.

ISA is capable of proxying the SMTP conversation, but in this case it's
likely just more complexity - can't KISS it.

DMZ relays are useful as I mentioned above: if you need to isolate
communications from your internal network to/from outside connections to
help you manage hack attacks. But in this case, you only get mail from a
trusted/semi-trusted partner.  There is no "outside" or "untrusted/trusted"
networks. The only thing you get with a DMZ host is added complexity and
management of infrastructure.

FWIW, ISA is useful for publishing OWA and so on.  I could see that
happening quite easily and fully recommend it where possible.


On 12/5/06, Mark Parris <[EMAIL PROTECTED]> wrote:

A friend of mine has asked me to ask the group the following Exchange
related question.

An Exchange 2003 environment that has been upgraded from Exchange 2000
needs to have SMTP reconfigured for outbound mail. There are two proposals
on the table but they are not sure of the best approach.

1 Exchange Frontend/Backend configuration with both servers on the
internal network and an ISA server in the perimeter network publishing
internal SMTP to the internet or in this case messagelabs


2 Exchange Frontend/Backend configuration with both servers on the
internal network and an SMTP server in the DMZ relaying to messagelabs

Messagelabs host the MX records and cleanses most viruses out of the
emails but may change in the future though there is no current managment
thinking to do so.

Given these two scenarios which one would most people choose and if so

The environment is approx 2000 users and there are eight sites  and the
chosen SMTP configuration will be repeated in another site for resilience.

Many thanks as always,


Mark Parris

Base IT Ltd
Active Directory Consultancy
Tel +44(0)7801 690596

Reply via email to