The answer to that is - neither! The usual way to configure mail infrastructure in most small-to-medium sized businesses is to have a mail gateway (sometimes known as a relay server) in the DMZ, and your production mail server in the LAN.
The only function in life for the mail gateway is to receive mail from the outside, and send it to the mail server on the inside. While that email is in transit through the mail gateway, it's also usually a good idea to scan it for viruses before it hits your internal mail server, and you may wish to do other filtering as well, perhaps for spam. Some people (me!) go all the way, and set up their firewalls so that all mail outbound from the production mail server is also routed through the mail gateway in the DMZ, making it a mail firewall, in some sense. If you go even further, and set up your firewall so that SMTP doesn't pass through it anywhere except through the mail gateway in the DMZ, you've made great strides in your network's security. Kurt | -----Original Message----- | From: Imraan Kadir [mailto:[EMAIL PROTECTED]] | Sent: Tuesday, May 07, 2002 06:34 | To: [EMAIL PROTECTED] | Subject: Mail server | | | Hi There | | Can somebody please shed some light. | | Is it safer to place your mailserver in the DMZ or in your | LAN (with NAT | configured)? | | Thank you | | Imraan | |
