What we have is a mail server in the DMZ using AD on that. We have 300 agents but all come in through the Internet. We have only a few on the internal network. So we use NT Auth from the web for everything. We have a lot of agent websites and things and it all works great and WE PASSED a security audit by NASA (we do all travel for them) which I was not to sure how it would go down with the AD in the DMZ. As far as putting AD inside of the firewall I have been thinking about doing the same thing. This is what I am currently thinking of. 1. Mail relay in DMZ 2. Conduit to Mail Server on inside which is on same net as DC so it should be able to auth (catch does AD have to be on same system as Imail ...still trying to work that out) 3. Web server in DMZ with conduit from sever internal IP to SQL on internal network. May be two NIC?
Even though we passed the sec audit I DO NOT like my users stuff in the DMZ but I inherited the thing so now I got to make it work until I can change it. Keep in touch let me know how it goes. Paul Ingram CI Travel, IT Systems Analyst 888.461.0022 ext.826 mailto:[EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Koontz Sent: Monday, May 06, 2002 12:01 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] DMZ Authentication against Internal Win2K Domain We are presently looking to change our mail server software and iMail seems to have a lot of features. However, I am a bit surprised that iMail does not seem to be able to Authenticate against an NT database other than the local machine. Has anyone found a way to Authenticate iMail in a DMZ to an Internal Win2K domain controller or Radius server? If not, is there a way to establish a domain "Trust" relationship between the DMZ Domain controller and the Internal one? Any help would be greatly appreciated. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus/McAfee] --- [This E-mail scanned for viruses by Declude Virus/McAfee] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
