RE: Exchange in the DMZ

From: Ingersoll, Jared (jared@cswv.com)
Date: 11/26/02

    From: "Ingersoll, Jared" <jared@cswv.com>
    To: 'Dean Pullen' <deanpullen@yahoo.com>, focus-ms@lists.securityfocus.com
    Date: Tue, 26 Nov 2002 07:25:39 -0500
    
    

    You may have already done this, but does your firewall have any type of
    logging mechanism? This would be the easiest thing to do as you could tail
    the logs while you are attempting to connect to the back-end Exchange
    server. Most firewalls allow you to state a "syslog" host, which will send
    log/error messages to a server running a syslog server (any Unix box) or a
    MS box running a syslog application (this is often supplied by the vendor
    i.e. Cisco).

    There are sometimes some ports that MS doesn't mention.

    jared

    -----Original Message-----
    From: Dean Pullen [mailto:deanpullen@yahoo.com]
    Sent: Saturday, November 23, 2002 6:01 AM
    To: focus-ms@lists.securityfocus.com
    Subject: Exchange in the DMZ

    Hi guys,

    I've basically been told that we require an Exchange
    system operated within our DMZ setup. After much
    reading I've decided to go for a front-end, back-end
    Exchange system, with the Exchange front-end in the DMZ
    and the back-end in the LAN. However, even though I've
    opened up all the ports specified in MS' white papers
    between the DMZ and LAN, I cannot connect to the
    domain/active directory from the Front-End server. How
    do I go about this? I mean all I am trying at the
    moment is to connect to our internal Domain by
    accessing the network ID in the My Computer properties
    and trying typing in the Domain. Do I have to do
    anything else?! Sorry for my amateurishness(!) but
    we're a small firm and cannot afford a fully-fledged
    exchange specialist, thus I'm doing it!

    Thanks in advance.

    Dean Pullen.
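
The troubleshooting step suggested in the reply (log firewall denials to a syslog host and watch them while the front-end tries to reach the domain), as an added example that is not part of the original thread. The log layout, the addresses, and the names `FRONT_END` and `INTENDED` are assumptions made for illustration; adapt the regular expression to what your firewall actually emits.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed "Deny <proto> src if:ip/port dst if:ip/port"
# layout. They are not taken from the thread or from any real device.
SAMPLE_LOG = """\
Nov 26 07:31:02 fw1 Deny tcp src dmz:192.0.2.10/1045 dst inside:10.0.0.5/135
Nov 26 07:31:02 fw1 Deny udp src dmz:192.0.2.10/1046 dst inside:10.0.0.5/389
Nov 26 07:31:03 fw1 Permit tcp src dmz:192.0.2.10/1047 dst inside:10.0.0.5/389
Nov 26 07:31:05 fw1 Deny tcp src dmz:192.0.2.10/1049 dst inside:10.0.0.5/1026
Nov 26 07:31:05 fw1 Deny tcp src dmz:192.0.2.10/1050 dst inside:10.0.0.5/1026
Nov 26 07:31:09 fw1 Deny tcp src outside:198.51.100.7/4000 dst dmz:192.0.2.10/25
"""

FRONT_END = "192.0.2.10"                 # hypothetical DMZ front-end address
INTENDED = {("tcp", 135), ("tcp", 389)}  # hypothetical: ports you believe you opened

DENY_RE = re.compile(
    r"Deny (?P<proto>tcp|udp) src \w+:(?P<sip>[\d.]+)/\d+ "
    r"dst \w+:(?P<dip>[\d.]+)/(?P<dport>\d+)")

def denied_flows(lines, src_ip):
    """Count denied (proto, dst_ip, dst_port) tuples originating from src_ip."""
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if m and m["sip"] == src_ip:
            hits[(m["proto"], m["dip"], int(m["dport"]))] += 1
    return hits

def classify(hits, intended):
    """Split denials into rule mistakes (port was meant to be open) and
    ports that are not on your list at all."""
    rule_errors, unlisted = [], []
    for (proto, dip, dport), count in sorted(hits.items()):
        bucket = rule_errors if (proto, dport) in intended else unlisted
        bucket.append((proto, dip, dport, count))
    return rule_errors, unlisted

if __name__ == "__main__":
    errors, unlisted = classify(
        denied_flows(SAMPLE_LOG.splitlines(), FRONT_END), INTENDED)
    for label, rows in (("meant to be open, still denied", errors),
                        ("denied and not on your list", unlisted)):
        for proto, dip, dport, count in rows:
            print(f"{label}: {proto}/{dport} -> {dip} ({count}x)")
```

Anything in the second group is traffic the front-end needs that your rule set does not account for; review each entry before opening it rather than widening the DMZ-to-LAN rules wholesale.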
