Re: Mail server inside the network...Safe?

In article <46e70735$0$10296$815e3792@xxxxxxxxxxxxxx>,
jsmith@xxxxxxxxxxxxxxxx says...

> Actually this is a brand new network. There will be only one server for
> some time. This server will be the DC as well as have the Exchange Server
> 2007 running on it. So, that is why I am not sure where I should put it, in
> the network or the DMZ.
>
> Can I put this on the DMZ and install a second NIC, one NIC connected to the
> DMZ and the other to the private network?

If your Exchange server is the only Exchange server, and it's a single
server for the network, why would you even think that putting it in the
DMZ would protect anyone?

Unless you make it a stand-alone DC/Exchange box, with NO CONNECTION to
the LAN servers/AD structure, you're going to have to allow replication
between it and the LAN, which means that if they hack it, they get the
rest of your network.

SBS 2003 runs as a single server DC with Exchange, and it's painless.

If you have a real firewall you can block a lot of countries (unless you
need email from them) and your SPAM/AV filter that is EXCHANGE AWARE can
protect the store - not to mention that most firewalls can remove bad
headers, bad message sizes, bogus headers, and even remove content based
on mime type from messages.

So, the server as a DC, in the LAN, is the only place for it - putting
it in the DMZ would defeat the reason for having a DMZ.


- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
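
The reply above mentions screening mail at the gateway for bad message sizes, bogus headers and content by MIME type before it reaches the Exchange store. The following Python example is added here for illustration and is not from the original post or from any firewall product; the size limit, the blocked types and extensions, and the header rules are assumed values.

```python
from email import message_from_bytes, policy

# Assumed policy values for illustration; tune them to your own mail flow.
MAX_BYTES = 10 * 1024 * 1024
BLOCKED_TYPES = {"application/x-msdownload", "application/hta"}
BLOCKED_EXT = (".exe", ".scr", ".hta")
ONCE_ONLY = ("From", "Date", "Subject", "Message-ID")  # RFC 5322: at most one each

def is_blocked(part):
    # Check both the declared MIME type and the attachment name, since either can lie.
    name = (part.get_filename() or "").lower()
    return part.get_content_type() in BLOCKED_TYPES or name.endswith(BLOCKED_EXT)

def strip_blocked(part, removed):
    """Drop blocked MIME parts in place, recursing into nested multiparts."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        if is_blocked(child):
            removed.append(child.get_filename() or child.get_content_type())
        else:
            strip_blocked(child, removed)
            kept.append(child)
    part.set_payload(kept)

def screen(raw: bytes):
    """Return (verdict, notes, cleaned): reject on size or header problems, else strip."""
    if len(raw) > MAX_BYTES:
        return "reject", ["over size limit"], None
    msg = message_from_bytes(raw, policy=policy.default)
    notes = [f"duplicate {h} header" for h in ONCE_ONLY if len(msg.get_all(h, [])) > 1]
    notes += [f"missing {h} header" for h in ("From", "Date") if h not in msg]
    notes += [f"MIME defect: {type(d).__name__}" for p in msg.walk() for d in p.defects]
    if not msg.is_multipart() and is_blocked(msg):
        notes.append("blocked content type")
    if notes:
        return "reject", notes, None
    removed = []
    strip_blocked(msg, removed)
    return "accept", removed, msg.as_bytes()

# Constructed sample message (not real traffic): a text part plus a blocked attachment.
SAMPLE = (b"From: a@example.org\nDate: Tue, 11 Sep 2007 10:00:00 +0000\n"
          b"Subject: constructed\nMIME-Version: 1.0\n"
          b'Content-Type: multipart/mixed; boundary="b1"\n\n'
          b"--b1\nContent-Type: text/plain\n\nhello\n"
          b'--b1\nContent-Type: application/x-msdownload; name="invoice.exe"\n'
          b"Content-Transfer-Encoding: base64\n\nY29uc3RydWN0ZWQ=\n--b1--\n")

if __name__ == "__main__":
    print(screen(SAMPLE)[:2])
```
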