The location of your mail server depends on your reasons. 

As a policy anything that is going to be touched through the internet
should reside in the DMZ. One recommended solution is to put a mail
relay server in the DMZ. This server will accept all mail and forward it
to a Mail server inside the LAN. The mail server inside the LAN will
only talk to the mail server in the DMZ on port 25 only. 

If people need access to mail from outside the office then they should
be restricted to a VPN solution only. Even for a web based solution.
Most web based solutions have too many security issues including
Exchange OWA. MessageLabs has a great whitepaper on how to secure an
Exchange OWA.

-Sanjay



-----Original Message-----
From: M Ravi Kumar [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 10, 2002 12:10 AM
To: Naren T
Cc: Imraan Kadir; [EMAIL PROTECTED]
Subject: Re: Mail server



One more query, if this mail server needs to be accessed by roaming
users (employee) through web based; eg: like yahoo or hotmail, then DMZ
is recommended.

Assuming that mail server is there in DMZ (+firewall, +antivirus
scanner), whereas the DMZ network should not be accessed from LAN, in
that case how will the user access the mails once he is back at the
office.

Regards,
Ravi

On Thu, 9 May 2002, Naren T wrote:
->depends on what mail server ..  and what is your network topology ... 
->.
->
->Of course, DMZ is recommended ..
->
->Alternate, use a relay server (like Trend micro viruswall, to do virus
->cleaning as well .. ) and place the Mail server on the LAN.
->
->That way you will not directly expose your mail server to external 
->world, and also have your lan users accessing / downloading mail at 
->10/100 speed.
->
->hope this helps ..
->
->Naren
->Singapore
->----- Original Message -----
->From: "Imraan Kadir" <[EMAIL PROTECTED]>
->To: <[EMAIL PROTECTED]>
->Sent: Tuesday, May 07, 2002 9:34 PM
->Subject: Mail server
->
->
->> Hi There
->>
->> Can somebody please shed some light.
->>
->> Is it safer to place your mailserver in the DMZ or in your LAN (with
->> NAT configured)?
->>
->> Thank you
->>
->> Imraan
->
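
The layout Sanjay describes at the top of the thread (a relay in the DMZ, with the LAN mail server exchanging traffic only with that relay on port 25), as an added example that is not part of the thread: a small Python audit over a constructed list of firewall allow rules. The addresses, rule names and the `Rule` and `audit` helpers are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan: assumptions for this example, not from the thread.
LAN = ipaddress.ip_network("10.0.0.0/24")
RELAY = ipaddress.ip_network("192.0.2.5/32")     # mail relay in the DMZ
MAILSRV = ipaddress.ip_network("10.0.0.25/32")   # mail server on the LAN
SMTP = 25

@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # CIDR; 0.0.0.0/0 means "any"
    dst: str
    port: int         # 0 means "any port"

def audit(rules):
    """Return (rule name, reason) for every allow rule that breaks the layout."""
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        smtp_only = r.port == SMTP
        # Traffic entering the LAN from outside it: only relay -> mail server, TCP 25.
        if dst.overlaps(LAN) and not src.subnet_of(LAN):
            if not (src == RELAY and dst == MAILSRV and smtp_only):
                findings.append((r.name, "reaches the LAN from outside"))
        # Traffic from the LAN mail server leaving the LAN: only to the relay, TCP 25.
        elif src.subnet_of(LAN) and MAILSRV.subnet_of(src) and not dst.subnet_of(LAN):
            if not (dst == RELAY and smtp_only):
                findings.append((r.name, "mail server talks past the relay"))
    return findings

# Constructed rule set (every entry is an allow rule).
RULES = [
    Rule("inet-to-relay", "0.0.0.0/0", "192.0.2.5/32", 25),
    Rule("relay-to-mailsrv", "192.0.2.5/32", "10.0.0.25/32", 25),
    Rule("mailsrv-to-relay", "10.0.0.25/32", "192.0.2.5/32", 25),
    Rule("webmail-direct", "0.0.0.0/0", "10.0.0.25/32", 443),
    Rule("dmz-to-lan-any", "192.0.2.0/28", "10.0.0.0/24", 0),
    Rule("mailsrv-direct-out", "10.0.0.25/32", "0.0.0.0/0", 25),
]

if __name__ == "__main__":
    for name, reason in audit(RULES):
        print(f"{name}: {reason}")
```

The first three rules are the ones the relay design needs; the last three are the kinds of exceptions that undo it, including a web-mail port opened straight to the LAN server instead of going through the VPN.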


