RE: Secure SMTP setup/ISA 2004

["Stephane Auger" <stephaneauger () pre2post com>]

There's a strong risk there.  If your SMTP gets compromised, ISA is
compromised and vice-versa.  A good setup is having an ISA, with another
server acting as an SMTP gateway (Mdaemon is pretty good for that), thus
relaying your inbound and outbound mail to/from your Exchange.


Stephane Auger

-----Original Message-----
From: Dan Tesch [mailto:dan.tesch () comcast net]
Sent: October 23, 2004 12:14 PM
To: security-basics () securityfocus com
Subject: Secure SMTP setup/ISA 2004

I have installed a new 2003 Server with Exchange 2003 and while planning
the deployment I started reading and thinking about not opening my
firewall to the Ex server and putting an SMTP server in my DMZ.

I have a test 2003 Srvr. with ISA on it and I have the
2003 SMTP service running - the 2003/ISA box will receive mail from the
internet and the Ex Srvr will pull mail from ISA.

My question is this- is this a good way to go about it with the SMTP
service running on the ISA server?
How likely might this be to be compromised? and being that the ISA
server with SMTP running on it touches my LAN would it be better to have
ISA or another firewall as the border and a separate box for SMTP?