I've had a lot of success with stand-alone servers in the DMZ - throw an AV scanner on it and relay inbound mail through it - throw ISA on it and publish OWA there; you can even terminate the SSL connection there if you are so inclined. - the nice thing about stand alone servers is that you don't need to open up a bunch of holes to the inside so a member server can talk to the domain - ISA doesn't need AD to publish OWA
front-end back-end is only helpful if you have multiple mailbox servers and you want to provide a service like POP/IMAP/OWA externally. Front-end servers in the DMZ = exchange servers in the DMZ = member servers in the DMZ = lots-o-wholes b/t DMZ and internal network. I prefer to keep all the exchange servers inside and publish them via ISA. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Scharff Sent: Tuesday, June 25, 2002 2:28 PM To: Exchange Discussions Subject: RE: Best Practice to utilize a DMZ with Exchange Put %smtp relay% wherever you'd like it to be. DMZ is fine. > -----Original Message----- > From: Exchange Server [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 25, 2002 2:25 PM > To: Exchange Discussions > Subject: Best Practice to utilize a DMZ with Exchange > > I am curious as to what is the best practices to utilize a DMZ and > Exchange 2000. I am trying to avoide opening up port 25 to my internal > network where my exchange server is. I don't want to put the exchange > server on the DMZ. So what are the most secure solutions. Should I go > with a front end back end solution, or could I put a unix smtp server on > the dmz that queued the mail for the exchange server? _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]