Re: OT Slightly: Exchange 2000

• From: "Thor" <thor@xxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 24 Sep 2003 12:50:26 -0700

Hi Stephena- I have this exact setup... The DMZ is what you want to make
attackers get through in order to GET to Active Directory... Not only is
EX2k a nice price to get from a DMZ breech, the ports you would have to open
up (assuming it contains mailboxes) to allow client access from the LAN
would be far too dangerous.

I highly recommend a DMZ SMTP-Gateway that will accept SMTP from the
external ISA box, scan for viruses and strip attachments, that then
smart-hosts the mail to the perimeter ISA that publishes to the internal
EX2k box.  Something like this-

Net -> Ext ISABox -> SMTP Server Publishing to DMZ SMTP Gateway -> DMZ SMTP
Gateway Actions -> Smart Host delivery acto perimeter ISA IP Address ->
Server Published to Internal EX2k.

With SMTP filtering on the ISA boxes.

My .02 anyway...

T


----- Original Message ----- 
From: "Stephen Herrera" <sherrera@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, September 24, 2003 12:37 PM
Subject: [isalist] OT Slightly: Exchange 2000


> http://www.ISAserver.org
>
>
> I am preparing to deploy and Exchange 2000 server. I have a back to back
ISA
> server environment. I am doing some test installs of Exchange before I put
> the production server in place. I am curious as to where is the preferred
> place to put the server, in the DMZ or on the LAN. I was thinking the DMZ
> until I saw that you can see all of your Active Directory through
exchange.
> Any input is appreciated.
>
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>

Other related posts:

• » OT Slightly: Exchange 2000
• » Re: OT Slightly: Exchange 2000
• » RE: OT Slightly: Exchange 2000
• » Re: OT Slightly: Exchange 2000
• » Re: OT Slightly: Exchange 2000

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---