RE: Installing a second Exchange 5.5 server in our DMZ

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 11 Feb 2004 15:30:19 -0500

Greg,

   I have a similar setup here.  As a matter of fact, if you are thinking
about implementing GFI mail essentials in a Gateway mode, you can have your
Exchange Bridgehead send all mail to the SMTP box in your DMZ to be
forwarded on to the internet.  Also, you can edit your MX records to receive
all mail destined for your Exchange domain through the SMTP relay server in
the DMZ and then forward to the Exchange bridgehead.  This will put you in a
prime position to simply install GFI Mail Essentials / Security very easily.

   This works great for our org!  Also, be sure to lock down relaying to
only internal IP addresses on the SMTP box.  Another word for the wise - I
had issues with GFI on a Win2003 server box (the postmaster replies were not
working correctly) so I recommend a Win2000 server box as your SMTP relay.

Let me know if you have any questions - I can send you some Disaster
Recovery documentation that I have created as well if it will assist you.

Chris Wall


-----Original Message-----
From: Greg Hermida [mailto:ghermida@xxxxxxxxxxxxxxx] 
Sent: Wednesday, February 11, 2004 3:16 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Installing a second Exchange 5.5 server in our
DMZ

http://www.MSExchange.org/

Thanks for the info!!!  I'll see if I can change his mind :)

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Wednesday, February 11, 2004 2:04 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Installing a second Exchange 5.5 server in our
DMZ


http://www.MSExchange.org/

You're missing the supporting infrastructure (and the costs associated) such
as the domain controller, wins, etc.  If you have the hardware for the
Exchange server, why not use the OS as a relay and forgo the installation of
Exchange?  That would be cheaper IIRC.

Performance is another issue to contend with.  Exchange 5.x is significantly
impaired compared to the throughput of the SMTP server.

Al 

-----Original Message-----
From: Greg Hermida [mailto:ghermida@xxxxxxxxxxxxxxx]
Sent: Wednesday, February 11, 2004 2:52 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Installing a second Exchange 5.5 server in our
DMZ

http://www.MSExchange.org/

I may still have to go through the pain.  We MAY have the budget to purchase
a 3rd party Anti spam program such as GFI Essentials so my boss still wants
me to at least research this issue further.  I do like the SMTP relay option
though.  Supposing I do have to go through with the second Exchange install,
am I missing any significant issues??

thanks again,

Greg

-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Wednesday, February 11, 2004 1:37 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Installing a second Exchange 5.5 server in our
DMZ


http://www.MSExchange.org/

I second that.  To install Exchange in the DMZ is a pain that requires other
supporting infrastructure (NT domain for example) and since you're not
installing the other services you would have an easier time securing a
Windows 2K/3 SMTP relay in the DMZ.

Al
 

-----Original Message-----
From: Will Taborda [mailto:wtaborda@xxxxxxxxxxxx]
Sent: Wednesday, February 11, 2004 1:26 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Installing a second Exchange 5.5 server in our
DMZ

http://www.MSExchange.org/

As an alternative maybe you can use the SMTP service that comes with Win2k.
You can allow your apps to relay by allowing relay through IP or
authentication.

Its simpler and cheaper than using Exchange.

Just a thought.

Will

-----Original Message-----
From: Greg Hermida [mailto:ghermida@xxxxxxxxxxxxxxx]
Sent: Wednesday, February 11, 2004 12:52 PM
To: [ExchangeList]
Subject: [exchangelist] Installing a second Exchange 5.5 server in our DMZ

http://www.MSExchange.org/

My boss would like to turn on relaying on our one and only Exchange server
for application purposes.  He has proposed installing a secondary exchange
server in our DMZ.  I believe I can get away with only the DMZ IMS
configured to transfer "inbound only", delivering messages by "forwarding
all messages to host" (using the IP of the internal exchange server), and
rerouting incoming SMTP mail to our email domains to "inbound".  I would
like to have as many other exchange functions as possible on the DMZ
exchange server to be disabled or deleted (public information store).
Is
there anything else I need to do to get the DMZ exchange server to function
simply as a '"forwarding" SMTP server??  Both are on Win2k servers, running
5.5 Enterprise, and internally we have a NT 4 domain.

Thanks,

Greg



CONFIDENTIALITY NOTICE: This E-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information.  Any unauthorized retention, review, printing,
copying, disclosure or distribution is prohibited.
If you are not one of the intended recipients, please contact the sender by
reply e-mail or phone, destroy all copies of the original message and keep
the information contained here confidential.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------



CONFIDENTIALITY NOTICE: This E-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information.  Any unauthorized retention, review, printing,
copying, disclosure or distribution is prohibited.
If you are not one of the intended recipients, please contact the sender by
reply e-mail or phone, destroy all copies of the original message and keep
the information contained here confidential.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------



CONFIDENTIALITY NOTICE: This E-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information.  Any unauthorized retention, review, printing,
copying, disclosure or distribution is prohibited.
If you are not one of the intended recipients, please contact the sender by
reply e-mail or phone, destroy all copies of the original message and keep
the information contained here confidential.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------


Other related posts: