It's just locking it down a bit tighter. Fewer ports open = fewer exploits
available. Bringing your Exchange server inside the LAN makes it virtually
invisible to those on the outside that would do evil things to it. It's way
easier to lock down a server that only has to do one thing - SMTP - port 25,
than to lock down an Exchange server, which needs so many other ports
open besides simple SMTP.

You can set up a separate SMTP server on your DMZ, just for Internet mail,
and have it forward to your Exchange server through your firewall (and
vice-versa). Have your firewall configured to ONLY allow traffic from your
SMTP server into your Exchange server via the DMZ. With this setup you can
also implement attachment/content filtering outside of your Exchange server
(using Mail Essentials, NAV for Gateways, or a similar product).

It's early, so I hope I've explained this clearly - if anyone has a different
opinion, or configuration preference, I am sure I'll hear about it as the day
goes on ;-)

Jim

Jim Holmgren MCSE, CCNA
[EMAIL PROTECTED]
Network Engineer
Advertising.com
We bring innovation to interactive communication.
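
Added example, not part of the original message: a small Python audit that replays sample flows through a first-match firewall rule list and reports any path to the Exchange server other than the DMZ SMTP relay on TCP 25. All addresses, ports and rule sets are constructed for illustration, and the rule format is hypothetical rather than any real firewall's syntax.

```python
import ipaddress

# Constructed addresses (assumptions, not from the original message).
RELAY = "192.0.2.25"           # SMTP relay in the DMZ
EXCHANGE = "10.0.0.10"         # Exchange server on the LAN
INTERNET_HOST = "198.51.100.7"
OTHER_DMZ_HOST = "192.0.2.80"
PORTS = (25, 135, 443)         # sample TCP ports to probe

# Hypothetical rule format: (action, source, destination, tcp_port or None=any)
GOOD_RULES = [
    ("allow", "0.0.0.0/0", RELAY, 25),     # Internet mail lands on the relay
    ("allow", RELAY, EXCHANGE, 25),        # relay forwards inbound mail
    ("allow", EXCHANGE, RELAY, 25),        # Exchange hands off outbound mail
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]
WEAK_RULES = [
    ("allow", "0.0.0.0/0", EXCHANGE, 25),  # Exchange published directly
    ("allow", "0.0.0.0/0", EXCHANGE, 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    for action, rsrc, rdst, rport in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rsrc)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "deny"

def audit(rules):
    """List every deviation from 'only the relay reaches Exchange, only on 25'."""
    findings = []
    for src in (INTERNET_HOST, OTHER_DMZ_HOST, RELAY):
        for port in PORTS:
            allowed = decide(rules, src, EXCHANGE, port) == "allow"
            expected = src == RELAY and port == 25
            if allowed and not expected:
                findings.append(f"{src} can reach Exchange on tcp/{port}")
            if expected and not allowed:
                findings.append("relay cannot deliver to Exchange on tcp/25")
    return findings

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("weak", WEAK_RULES)):
        print(name, audit(rules) or "OK")
```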