I agree that anything unnecessary is just increasing the odds of failure. I've had a buffering link for so long that it seemed odd not to have one, so I felt that a sanity check was worth the time. Thank you for your reply.
Keith D. Beahm | Network Engineer | Stinson Leonard Street LLP 1201 Walnut Street, Suite 2900 | Kansas City, MO 64106-2150 T: 816.691.3374 | F: 816.412.1022 [email protected] | www.stinsonleonard.com<http://www.stinsonleonard.com> Stinson Leonard Street LLP is officially open for business! Please update your records to reflect the new email address and firm name. From: [email protected] [mailto:[email protected]] On Behalf Of Jump, Stewart Sent: Thursday, February 20, 2014 9:07 AM To: [email protected] Subject: [Exchange] RE: Exchange 2010 Edge Server Hi, Why don’t you want to allow the Mimecast servers to connect directly to Exchange? What is this box in the middle going to add apart from another point of failure? If you lock down your firewall so it only allows port 25 from the Mimecsat IP range you aren’t allowing direct connections from any hackers so any IT Auditors / pen testers should be happy Regards Stewart Jump ********************************************************************* If you receive this e-mail in error, please contact +44 20 7280 5000. The information contained in this e-mail and in the attachments if any, is confidential. It must not be read, copied, disclosed, printed, forwarded, relied upon or used by any person other than the intended recipient. Unauthorised use, disclosure or copying is strictly prohibited. N M Rothschild & Sons Limited Registered number 925279 Registered in England at New Court, St Swithin's Lane, London EC4N 8AL N M Rothschild & Sons Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority in the United Kingdom. The firm reference number is 124451. ********************************************************************* From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Beahm, Keith Sent: 20 February 2014 13:52 To: [email protected]<mailto:[email protected]> Subject: [Exchange] Exchange 2010 Edge Server Currently we have a legacy Axway Mailgate clustered appliance that sits in our DMZ that buffers mail between Exchange on premises and Mimecast cloud services (i.e. external send, receive, SPAM control, and message hygiene). I have considered replacing Mailgate with the Exchange Edge Role, but I don’t see the value add considering what Mimecast already provides. I don’t really want to forward Mimecast traffic thru my firewall to my internal exchange servers directly. A simple DMZ hardened Windows Server 2008 SMTP relay seems like a plausible option. What is your best practice recommendation for that buffering link between Mimecast cloud, and Exchange internal? Keith D. Beahm | Network Engineer | Stinson Leonard Street LLP 1201 Walnut Street, Suite 2900 | Kansas City, MO 64106-2150 T: 816.691.3374 | F: 816.412.1022 [email protected]<mailto:[email protected]> | www.stinsonleonard.com<http://www.stinsonleonard.com> Stinson Leonard Street LLP is officially open for business! Please update your records to reflect the new email address and firm name. Please consider the environment before printing this e-mail. This communication (including any attachments) is from a law firm and may contain confidential and/or privileged information. If it has been sent to you in error, please contact the sender for instructions concerning return or destruction, and do not use or disclose the contents to others.
