RE: Question on Security Issue

  • From: "Cresswell, Charles" <charlesc@xxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 26 Feb 2003 15:51:46 -0000

Personally I cannot see any reason to even have a DMZ in some cases. I
run a network for  a similar sized company and the EX2000 server is
quite happy living behind the firewall as an open relay. It allows us to
use it for normal desktops as well as a target for mailshot software
from particular desktops. It then passes mail through our firewall
(which is locked down to only allow port 25 traffic from our store &
forward host). To the outside world our firewall is our exchange server,
but all its ports are closed.


Even web mail is not an issue afaik as it's a simple case of mapping
port 80 from one of our external router ips, although the advice from MS
seems to be not to attempt this on a different port (I have tried a
couple of times and it does seem to fail) so you need a few different
external ips if you are also going to be running a webserver from inside
your firewall as well, which is something I am about to do.


Better in my view to concentrate your external security at one point
when bandwidth and other considerations are not an issue.



Charles Cresswell

ACT <> 


-----Original Message-----
From: Gene O'Brien [mailto:Gene@xxxxxxxxxx] 
Sent: Wednesday, February 26, 2003 3:35 PM
To: [ExchangeList]
Subject: [exchangelist] Question on Security Issue

Hi All,



Other related posts: