Re: Mail server inside the network...Safe?



In article <46e70dff$0$10303$815e3792@xxxxxxxxxxxxxx>,
jsmith@xxxxxxxxxxxxxxxx says...
Thank you Leythos for making this clear. The server will go in the LAN
then. We are not using an SBS, rather Server 2003 64-bit with Exchange 2007.

I actually have ordered a Netscreen SSG5 firewall which comes with UTM and
that should block a lot of the stuff.

I've put Exchange servers in the DMZ, when I don't use the normal
Exchange connector for Outlook, or when I have a firewall that can
create a connection that is initiated by the LAN user to the DMZ - a
proxy type connection that only allows the DMZ based email server to
reply back to the LAN users when the LAN users contact it first - the
firewall has to handle this.

In all cases, I never put an Exchange server or any other DMZ server in
an AD/Domain that has to authenticate with the LAN, never, nada, nope,
don't do it. If the DMZ devices can authenticate (Domain accounts) with
the LAN there is no point in having them in the DMZ.

For secure facilities we do a lot of things one would not really do in a
non-secure facility.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
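
The policy described in the post above (LAN users open the connection, the DMZ mail server only replies, and no DMZ host authenticates against the LAN domain) can be checked against a firewall rule list. The following is an added example, not part of the original post: a Python audit over a constructed policy, where the Rule fields, zone names and sample rules are assumptions and do not reflect any vendor's rule syntax.

```python
from dataclasses import dataclass
from typing import Optional

# Well-known ports a domain member uses to reach a domain controller.
AD_AUTH_PORTS = {88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP", 445: "SMB",
                 464: "Kerberos password change", 636: "LDAPS", 3268: "Global Catalog"}

@dataclass(frozen=True)
class Rule:                      # hypothetical rule model, not a vendor format
    name: str
    src_zone: str
    dst_zone: str
    port: Optional[int]          # None means any port
    action: str                  # "permit" or "deny"

def audit(rules):
    """Flag reachable DMZ -> LAN permits; replies to LAN-initiated sessions are left to the state table."""
    findings, denied = [], set()
    for r in rules:                              # first match wins
        if (r.src_zone, r.dst_zone) != ("dmz", "lan"):
            continue
        if r.action == "deny":
            if r.port is None:
                break                            # later DMZ -> LAN rules never match
            denied.add(r.port)
        elif r.port is None:
            findings.append((r.name, "critical", "DMZ can open any connection into the LAN"))
        elif r.port in denied:
            continue                             # shadowed by an earlier deny
        elif r.port in AD_AUTH_PORTS:
            findings.append((r.name, "critical",
                             f"DMZ host can authenticate to the LAN domain ({AD_AUTH_PORTS[r.port]})"))
        else:
            findings.append((r.name, "warning", f"DMZ-initiated connection to LAN port {r.port}"))
    return findings

# Constructed sample policy: a DMZ mail server that was joined to the LAN domain.
SAMPLE_POLICY = [
    Rule("lan-to-mail", "lan", "dmz", 443, "permit"),
    Rule("inet-smtp", "untrust", "dmz", 25, "permit"),
    Rule("mail-kerberos", "dmz", "lan", 88, "permit"),
    Rule("mail-ldap", "dmz", "lan", 389, "permit"),
    Rule("mail-backup", "dmz", "lan", 10000, "permit"),
    Rule("dmz-default", "dmz", "lan", None, "deny"),
]

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_POLICY):
        print(f"{severity:8} {name}: {reason}")
```

A policy that matches the post's design produces no findings: the only rules touching the LAN are LAN-initiated ones plus a DMZ to LAN default deny.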