But if you've got a DMZ.. you've likely got either a tri-homed or back-to-back firewall. Pushing the Exchange server out onto the DMZ does not make your internal network any more secure, but does expose your bridgeheads. Plus... if you're going to stick your Exchange boxes out on the DMZ, you're going to have to open up your interior firewall (so that your internal Exchange servers can talk to your bridgeheads and vice-versa) and that's not the greatest idea.
If he's worried about inbound SMTP, check out filtering products as MIMEsweeper. I'm not sure whether 5.5.SP4 has any anti-spam/relay features built-in.. but I'm sure someone else can clarify that. Cheers, Mylo -----Original Message----- From: Sagert, Lori [mailto:[EMAIL PROTECTED]] Sent: 27 February 2002 15:47 To: Exchange Discussions Subject: RE: Bridgeheads on the DMZ He feels that having the Bridgeheads receive SMTP mail on the internal network poses a security problem. Of course the Bridgehead is using a NAT ip address but he wants to lock it down further. -----Original Message----- From: Andy David [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 26, 2002 6:45 PM To: Exchange Discussions Subject: RE: Bridgeheads on the DMZ What is his/her logic? -----Original Message----- From: Sagert, Lori [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 4:12 PM To: Exchange Discussions Subject: Bridgeheads on the DMZ Hello All: Exchange 5.5 sp4 W2k We have a new Security manager who wants to put our SMTP only Bridgeheads out on the DMZ. I don't feel comfortable with this and was wondering if any of you had done this and ran across any gotcha's? TIA Lori Sagert ---------------------------------------------------- gedasUSA, Inc./Volkswagen of America NT/Exchange Administrator 3800 Hamlin Road Auburn Hills, MI 48326 USA phone +1-248-754-6401 telefax +1-248-754-6399 Mailto:[EMAIL PROTECTED] http://www.gedas.net ---------------------------------------- _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ---------------------------------------------------------------------------- -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. ============================================================================ == _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
