RE: ISA, Mailrealay and DMZ issues...

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 11 Feb 2002 21:43:46 +0100

Hi Michael,

There's nothing wrong with placing a secure SMTP gateway in your DMZ. That's
also my preferred configuration. You control perfectly with ISA which ports
are visible to the outside world. As said in my previous post, outgoing mail
is stuck in the mail relay server queue because your trihomed setup is wrong
(DMZ should only have public routable ip-addresses). Oh, by the way, your
DMZ subnet should *not* be in the LAT, otherwise it is *not* a DMZ but
another internal interface!

Regards,
Stefaan
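
The two checks from Stefaan's reply (DMZ subnet not in the LAT, DMZ on publicly routable addresses), as an added example that is not part of the original thread or of ISA Server. The function names, finding codes and all addresses are constructed for illustration; 203.0.113.0/24 is a documentation range standing in for a real public subnet.

```python
import ipaddress

# RFC 1918 private ranges: not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lat_networks(lat_ranges):
    """Expand LAT entries given as (first, last) address pairs into networks."""
    nets = []
    for first, last in lat_ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def audit_dmz(lat_ranges, dmz_subnet):
    """Return finding codes (hypothetical names) for a DMZ subnet vs. the LAT."""
    dmz = ipaddress.ip_network(dmz_subnet)
    findings = []
    # A DMZ subnet listed in the LAT is handled as another internal network.
    if any(dmz.overlaps(net) for net in lat_networks(lat_ranges)):
        findings.append("dmz-in-lat")
    # Second point of the reply: the DMZ needs publicly routable addresses.
    if any(dmz.overlaps(net) for net in RFC1918):
        findings.append("dmz-private-addressing")
    return findings

# Constructed sample layouts (not the poster's real addresses).
BROKEN_LAT = [("10.0.0.0", "10.0.255.255"),
              ("192.168.10.0", "192.168.10.255")]  # DMZ range listed in the LAT
BROKEN_DMZ = "192.168.10.0/24"
FIXED_LAT = [("10.0.0.0", "10.0.255.255")]         # internal network only
FIXED_DMZ = "203.0.113.0/24"                       # stand-in for a public subnet

if __name__ == "__main__":
    print("broken:", audit_dmz(BROKEN_LAT, BROKEN_DMZ))
    print("fixed: ", audit_dmz(FIXED_LAT, FIXED_DMZ))
```
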

-----Original Message-----
From: Michael Wischnowsky [mailto:MWISCH@xxxxxxxxxxxxxxxxx]
Sent: Monday, 11 February 2002 20:13
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA, Mailrealay and DMZ issues...


http://www.ISAserver.org


Yes, this machine is running GFI's mail essentials SMTP gateway with IIS
5 running on it. I tried calling GFI, but all their documentation
recommends that we put the relay box outside the firewall and I don't
really think that's a good idea. With my current configuration outgoing
email gets stuck in the mail relay server queue, but doesn't seem to
know how to get out. I can do MX lookups on the mail relay server so I
know I can see the outside world correctly.


Thanks.
-----Original Message-----
From: Joseph [mailto:cismic@xxxxxxx] 
Sent: Monday, February 11, 2002 1:58 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA, Mailrealay and DMZ issues...




Are you using a stand alone machine in your DMZ to do your mail relay?
Or is it located on your web server?

Thanks,

Joseph

-----Original Message-----
From: michael [mailto:mwisch@xxxxxxxxxxxxxxxxx] 
Sent: Monday, February 11, 2002 10:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA, Mailrealay and DMZ issues...



I am trying to configure our email to go through our DMZ which currently
has a mail relay server, and I'm having a hard time getting email to go
out. This is how I would like it configured.

ISA SERVER = Trihomed
Mail Relay = 192.168.XX.XX
Exchange = 10.80.XX.XX
Public = 63.68.XX.XX
Private = 10.80.XX.XX
DMZ = 192.168.XX.XX

Email comes in and hits the ISA server (63.68.xx.xx) which has an SMTP
protocol rule pointing all incoming email to the Mail Relay server
(192.168.xx.xx). The Mail Relay Server then has a Remote Virtual SMTP
Server established on IIS to point all incoming email to the Smart Host
which is Exchange (10.80.xx.xx). This configuration works fine for
incoming email, but I can't seem to get things to work for outgoing
email. When an internal user tries to send email, it first hits the
Exchange box, which has an SMTP connector pointing to the Mail Relay.
The problem is that the mail relay server wants to send all incoming
email to the Exchange server; this obviously becomes a routing problem.
If I tell the Exchange server to use DNS instead of putting in the Mail
relay server's IP address, the email goes out but avoids the mail relay
altogether, which defeats the purpose of what I'm trying to do.

I have read a few articles and many of them mention the mail relay has
to have a public address, but this then opens up the Mail relay server
for intruders.

Thanks in advance.
