Firewall Wizards mailing list archives

Re: Exchange 2000 in DMZ ?

From: "Chuck Swiger" <chuck () codefab com>
Date: Tue, 12 Feb 2002 16:20:46 -0500

On Tue, 12 Feb 2002 10:28:56 -0500, Bara Zani wrote:

And not open 16 ports in the firewall ?

I was thinking about a trust relation but that will be almost the same as
instaling amember server .

Anyone have an exchange server 2000 in a dmz config ?

Any tips/links will be great,


If you open your firewall up to the point where Windows domain trust  
relationships work between your internal network and the DMZ, your security is  
almost certainly much weaker than letting port 25 through from the Internet at  
large to your internal network.

Of course, many people here believe that exposing M$ Exchange to the outside  
world is pretty risky in it's own right.  If the mail server in the DMZ is  
simply intended relay external mail to your internal network's mail hub, why  
not run something more secure than Exchange?

-Chuck

       Chuck Swiger | chuck () codefab com | All your packets are belong to us.
       -------------+-------------------+-----------------------------------
       "The human race's favorite method for being in control of the facts
        is to ignore them."  -Celia Green
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

certification of skill Eric Globe (Feb 12)
- Re: certification of skill Marcus J. Ranum (Feb 12)
- Re: certification of skill Drew (Feb 12)
  - Re: certification of skill Frederick M Avolio (Feb 12)
- Re: certification of skill R. DuFresne (Feb 12)
- Re: certification of skill Tony Howlett (Feb 12)
- Exchange 2000 in DMZ ? Bara Zani (Feb 12)
  - Re: Exchange 2000 in DMZ ? Chuck Swiger (Feb 13)
- <Possible follow-ups>
- Re: certification of skill Bill_Royds (Feb 12)
- Re: certification of skill Chad Schieken (Feb 13)
  - Re: certification of skill Paul Robertson (Feb 13)