Exchange Server Forums

exchange 2000 setup

exchange 2000 setup - 3.May2006 11:30:47 PM   
zmobile

 

Posts: 9
Joined: 12.Oct.2004
From: US
Status: offline
I am just curious about something and hope someone could shed some light on the subject. I came across a system that was running Exchange 2000 and ISA 2000 on a Win2K domain. The Exchange server had two NICs, one on the internal network and one connected to the DMZ. Same with the ISA. The Exchange server was also configured as a caching-only DNS server with forwarders set to the ISP DNS servers, along with the SMTP VS set to point to the ISP DNS servers. All clients and servers except the mail server go through the ISA for Internet connectivity.

The internal DNS never resolves outside the trusted network. Mail resolves through the forwarders set within DNS on this server, and clients resolve via the ISA connection.

What is the purpose of this, and is this a normal setup? I was never shown this type of configuration before, so it kind of took me off guard. I always thought that the internal DC\DNS servers, say 2 of them, would have forwarders set. All other servers, including the Exchange server (sitting completely in the trusted network), would resolve to those servers internally and then externally through the forwarders specified within the DC\DNS servers. I know ISA is a different story, but I wanted to show the complete network connections.

Is this a security risk? It seems as though if the Exchange (DMZ) side of the house gets hacked, then they have complete access to the internal network? Just a thought. Wouldn't it be better to place an SMTP relay server in the DMZ and create firewall rules between the relay and mail server?

Can someone help explain this setup to me...
Post #: 1
RE: exchange 2000 setup - 10.May2006 11:00:22 AM   
bipolarchucker

 

Posts: 49
Joined: 20.Jan.2006
From: Leeds, UK
Status: offline
Sounds like you're right: the attack surface is increased with the mail server being attached to the DMZ. It is effectively unprotected from direct attack, unless there's a perimeter firewall, which it sounds like there is. Ideally you should bring the mail server right inside the internal network and use the ISA server to publish it. Attack surface is reduced by doing so.

(in reply to zmobile)
Post #: 2
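
The concern raised in this thread, a mail server with one NIC on the internal network and one in the DMZ that also forwards DNS straight to the ISP, can be checked across a host inventory. This is an added example, not code from either poster; the subnets, host names and inventory fields (`firewall`, `resolver`) are constructed assumptions.

```python
import ipaddress

# Constructed zone map and inventory (hypothetical addresses and host names).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}
INVENTORY = [
    {"host": "exch01", "nics": ["10.0.0.20", "192.168.50.20"],
     "dns_forwarders": ["203.0.113.53"]},
    {"host": "isa01", "nics": ["10.0.0.1", "192.168.50.1"], "firewall": True},
    {"host": "dc01", "nics": ["10.0.0.10"],
     "dns_forwarders": ["203.0.113.53"], "resolver": True},
    {"host": "relay01", "nics": ["192.168.50.25"],
     "dns_forwarders": ["203.0.113.53"]},
]


def zone_of(ip):
    """Return the name of the zone containing ip, or 'external' if none does."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def audit(inventory):
    """Return (host, finding) tuples for hosts that sidestep the firewall."""
    findings = []
    for h in inventory:
        if h.get("firewall"):
            continue  # the firewall itself is expected to sit in both zones
        zones = {zone_of(ip) for ip in h["nics"]}
        if len(zones) > 1:
            findings.append((h["host"], "bridges zones: " + ", ".join(sorted(zones))))
        ext = [f for f in h.get("dns_forwarders", []) if zone_of(f) == "external"]
        # Only the designated internal resolvers should forward queries outward.
        if "internal" in zones and ext and not h.get("resolver"):
            findings.append((h["host"], "forwards DNS externally to " + ", ".join(ext)))
    return findings


if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```
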
