> >I'd recommend the 100-s which I think is under $500. Put your IMGate
> >in the DMZ. and Imail on the "inside" with port mapping to it.
>
>Why wouldn't you put imgate on the inside as well and allow only port 25
>traffic?
IMGate in the DMZ keeps all the mail abuse outside the firewall,
rather than dragging it all through the firewall. Think about mail
bombs and address harvesting sucking all the throughput out of your
firewall. 1000's mailer-daemon msgs from IMGate trying to bounce stuff.
For outgoing mail, IMGate outside the firewall does all the DNS
lookups with a DNS in the DMZ or upstream. Plus all the SMTP traffic
and delays, sending retries are between IMGate and Internet, not
through the firewall.
Len
http://MenAndMice.com/DNS-training : In Austin, TX; SFO, CA; Paris,
FR
http://BIND8NT.MEIway.com : ISC BIND 8.2.3 "NT3" for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
______________________________________________________________________
The HKSI-IMail Admin List is hosted by........ Humankind Systems, Inc.
Questions, Comments or Glowing Praise...... mailto:[EMAIL PROTECTED]
Searchable List Archive.... http://www.mail-archive.com/[email protected]
To Manage your Subscription......... http://humankindsystems.com/lists
