Re: Protecting an Exchange server?

["Joe Polk" <listuser () javelinux com>]

You actually would want this:

Internet -> Firewall -> Email gateway -> Exchange

In this scenerio, a port is opened on the Firewall to the gateway. This, in
Exchange terms, is called a "smart host" setup. You could easily do this with
another SMTP server, say like Sendmail on a Linux server, so that all mail
crosses that server. This has not only the advantage you are looking for, but
also the ability to use RBL/SBL spam protection and you could even add
SpamAssassin to it. Of course, you could use an appliance too.

<<JAV>>

---------- Original Message -----------
From: "Mark G. Spencer" <mspencer () evidentdata com>
To: <security-basics () securityfocus com>
Sent: Thu, 13 May 2004 10:51:56 -0700
Subject: Protecting an Exchange server?

> Hello,
>
> I'm wondering if there is any way to locate an Exchange server on my
> internal network and place some kind of email appliance on our DMZ to
> actually send and receive email to the world and to the Exchange 
> server on my internal network?
>
> Basically, I don't want my Exchange server to be accessible to the 
> world in any way.
>
> So ..
>
> Internet -> My Email Appliance -> Firewall -> Exchange Server
>
> I envision setting up a dedicated route in the firewall between the email
> appliance out on the Internet and my Exchange server behind the 
> firewall on my local network?
>
> Are there any email appliances that can work with Exchange in this way?
> It's my (limited) understanding that Exchange server can't "pop" to another
> email server to pull each Exchange users email, so I'm not sure 
> exactly how or if my plan could be put into action.
>
> Thanks,
>
> Mark
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get 
> $545 off any course! All of our class sizes are guaranteed to be 10 
> students or less to facilitate one-on-one interaction with one of 
> our expert instructors. Attend a course taught by an expert 
> instructor with years of in-the-field pen testing experience in our 
> state of the art hacking lab. Master the skills of an Ethical Hacker 
> to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
------- End of Original Message -------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------