Exchange in the DMZ (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Installation



Message


trebor -> Exchange in the DMZ (15.Sep.2011 6:19:30 AM)

Hello

I'm looking at options for replacing an old Mimesweeper server we use as the external facing part of our Exchange system. I thought that we could just put an Exchange server in the DMZ, but I'm not entirely sure after reading this:

http://blog.sembee.co.uk/post/Why-you-shouldnt-put-Exchange-2003-in-a-DMZ.aspx

Alternatives are Exchange in the trusted part of the LAN and a NAT rule to allow incoming and outgoing connections - we use a 3rd party as the public face of our email so the firewall would only allow connections to them.

Or use IIS SMTP connector on a server in the DMZ. Problem with this is that it only supports a single smart host and the 3rd party we use has 2 gateways that we need to use.

Any thoughts?

Thank you.




mark@mvps.org -> RE: Exchange in the DMZ (15.Sep.2011 7:49:22 AM)

You could look at putting a 2010 Edge server into the DMZ. You wouldn't get full functionality but it's something people have done in your position before.
Ideally you'd spend the money that you're budgeting for the mimseweeper replacement on a 2010 server and get slightly more up to date but if you can't do that the Edge is an option.




trebor -> RE: Exchange in the DMZ (15.Sep.2011 8:30:17 AM)

Thanks for the answer.

I like the idea, but I will need to get some Exchange 2010 skills in the team before I can roll it out.

Oh and I need to get TLS for communication between us and the 3rd party.




mark@mvps.org -> RE: Exchange in the DMZ (15.Sep.2011 8:40:02 AM)

Yeah, TLS will take some up-skilling to make sure you can troubleshoot any glitches when they arise.




Page: [1]