Re: Mail server inside the network...Safe?



In article <46e70735$0$10296$815e3792@xxxxxxxxxxxxxx>,
jsmith@xxxxxxxxxxxxxxxx says...

Actually this is a brand new network. There will be only one server for
some time. This server will be the DC as well as have the Exchange Server
2007 running on it. So, that is why I am not sure where I should put in the
network or the DMZ.

Can I put this on the DMZ and install a second NIC, one NIC connected to the
DMZ and the other to the private network?

If your Exchange server is the only Exchange server, and it's a single
server for the network, why would you even think that putting it in the
DMZ would protect anyone?

Unless you make it a stand-alone DC/Exchange box, with NO CONNECTION to
the LAN servers/AD structure, you're going to have to allow replication
between it and the LAN, which means that if they hack it, they get the
rest of your network.

SBS 2003 runs as a single server DC with Exchange, and it's painless.

If you have a real firewall you can block a lot of countries (unless you
need email from them) and your SPAM/AV filter that is EXCHANGE AWARE can
protect the store - not to mention that most firewalls can remove bad
headers, bad message sizes, bogus headers, and even remove content based
on mime type from messages.

So, the server as a DC, in the LAN, is the only place for it - putting
it in the DMZ would defeat the reason for having a DMZ.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.



Relevant Pages

  • Re: Fully parallel Scheme-based language w/ evaluator
    ... Windows Server 2003 and networks in simple - and irreverent - terms. ... If networking really is a big deal, ... Concepts and Terminology in Part I, and The Design and Deployment of Network ...
    (comp.lang.misc)
  • Linux, New Corporate Network, Cisco Routers, T1 Ethernet Handoff, DMZ...
    ... I am setting up a network for a company that I am part owner of. ... internet go into my Cisco 2621 router that has 3 10/100Mbs FE interfaces. ... the same switch creating the "sandwich" DMZ setup with the public devices in ... PBX server that uses a straight VoIP connection all the way to our service ...
    (comp.os.linux.networking)
  • New Corporate Network, Cisco Routers, T1 Ethernet Handoff, DMZ...
    ... I am setting up a network for a company that I am part owner of. ... internet go into my Cisco 2621 router that has 3 10/100Mbs FE interfaces. ... the same switch creating the "sandwich" DMZ setup with the public devices in ... PBX server that uses a straight VoIP connection all the way to our service ...
    (comp.security.firewalls)
  • Re: SBS2000 and a DMZ
    ... This network is my HOME network that I use as a test bed to learn things ... the systems in the DMZ are my sons desk tops and laptops. ... but could not get CDDB(an internet service that is used to identify music ... The W2K3 server is a recent addition and wanted it for storage of the boys ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Is Remote Desktop Web Connection secure?
    ... 80 or 443 to an IIS Server. ... I'd opt for the SSL VPN in DMZ Option, i.e. using AEP Networks NSP or Citrix ... open up your internal network directly to the internet is just asking ...
    (microsoft.public.windows.terminal_services)