Re: Mail server

From: M Ravi Kumar (mravi@sasken.com)
Date: 05/10/02


Date: Fri, 10 May 2002 09:39:45 +0530 (IST)
From: M Ravi Kumar <mravi@sasken.com>
To: Naren T <naren@swiftech.net.sg>


One more query, if this mail server needs to be accessed by romaing users
(employee) through web based; eg: like yahoo or hotmail, then DMZ is
recommended.

Assuming that mail server is there in DMZ ( +firewall, +antivirus
scanner,), whereas the DMZ network should not be accessed from LAN, in
that case how does the user will access the mails once he is back to
office.

Regards,
Ravi

On Thu, 9 May 2002, Naren T wrote:
->depends on what mail server .. and what is your network topology ... .
->
->Of course, DMZ is recommended ..
->
->Alternate, use a relay server (like Trend micro viruswall, to do virus
->cleaning as well .. ) and place the Mail server on the LAN.
->
->That way you will not directly expose your mail server to external world,
->and also have your lan users accessing / downloading mail at 10/100 speed.
->
->hope this helps ..
->
->Naren
->Singapore
->----- Original Message -----
->From: "Imraan Kadir" <imraan.kadir@stt-global.com>
->To: <security-basics@securityfocus.com>
->Sent: Tuesday, May 07, 2002 9:34 PM
->Subject: Mail server
->
->
->> Hi There
->>
->> Can somebody please shed some light.
->>
->> Is it safer to place your mailserver in the DMZ or in your LAN (with NAT
->> configured)?
->>
->> Thank you
->>
->> Imraan
->



Relevant Pages

  • Re: Firewall and DMZ topology
    ... If the MAIL server is in the DMZ. ... >able to sniff all the traffic on the internal side of the firewall, ... >>The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
    (Security-Basics)
  • RE: Email server+network architecture
    ... There doesn't have to be ONE DMZ. ... "internal" mail server. ... Communications with 'customer data' are not permitted ... permit smtp/POP3 to all users outside, and this does not meet the 'no ...
    (Security-Basics)
  • RE: Mail server
    ... it has absolutely no impact in regard to the mail server ... it does matter in relation to the hosts on those segments. ... your traffic from port 25 of WAN net to your DMZ net or WAN net to LAN ...
    (Security-Basics)
  • Re: Firewall and DMZ topology
    ... Tha basic idea is that the firewall will ... So the LAN will be isolated ... from the DMZ ... ... > If the MAIL server is in the DMZ. ...
    (Security-Basics)
  • Re: Mail server security - best practices?
    ... The mail server in the DMZ does not need to have access to port 25 on ... As a stateful firewall, pf can be ... Is it because email is "quantified" when moved to the internal network? ...
    (comp.unix.bsd.openbsd.misc)