We have Imail running on a Win2k AD DC. We only allow HTTPS (I originally didn't allow HTTPS but some higher-ups wanted web-mail access from home) and SMTP from the outside. The server is placed in our DMZ. Rules to allow replication have been added to allow the server to communicate another DC on the trusted network. AD was also tweaked so that replication should only occur with one other server. This proved tricky and still a concern to me. I keep the server up to date on patches and use GFI's System Integrity Monitor (it's free) to monitor OS files. All communication is logged between this server and the DC and I check the logs in a semi-regular fashion for any anomalies. For the most part, I can sleep at night.
Hindsight is 20-20 and if I had to do it over again, I would have budgeted for an additional gateway server to sit in the DMZ and relay mail to Imail sitting on the internal network. Todd Bierbaum - MCP BankTrust - IT Department Office: 850-835-3335 ext 106 Cell: 850-598-3993 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gordon Waters Sent: Thursday, December 16, 2004 7:12 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] IMail on a DC? I have Imail on a DC , as I needed to use the NT Database for accounts , so this was the only way of doing so. I keep my DC up to date with the latest security patches , My Dc is on my internal network , with router / firewall rules in place to only let allowed traffic to and from it , So far I have not had a problem. Gordon. Marty Pigg wrote: >Greetings, > >I am seeking info from those of you who have installed Imail on a >Domain Controller. We desire the account integration that comes with >installing Imail on a DC, but are wondering if there is a downside, >like potential security headaches. > >Anyone have an opinion on this configuration? > >Thx > > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > -- Gordon Waters Network / Server Administrator The Canberra Times 9 Pirie St Fyshwick ACT 2610 Ph : (02) 6280 2393 Fax: (02) 6280 2141 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
