Security Basics mailing list archives
Re: DMZ to LAN SMTP connections
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Fri, 14 Mar 2008 10:07:14 -0800
On Fri, Mar 14, 2008 at 3:07 AM, ыфзкфт <sapran () gmail com> wrote:
> Hi list.
<snip>
> And I wonder whether that rule allowing MTAs to connect to Exchange ESMTP is correct. I mean, I have heard a lot about denying connections from networks with a lower security level into secured networks, the LAN in this case. Is this restriction to SMTP traffic only enough, or should I choose some other design: NAT Exchange:25/tcp outside to DMZ, use fetchmail, or something like that? Thanks in advance for all your responses.
Assuming that the DMZ is hanging off a port of your firewall, I would think that opening port 25 from your postfix boxes (only!) to your Exchange server (only!) is worth the minimal amount of risk, especially if you consider the complexities in installing and maintaining a Cygwin installation on your Exchange server. This assumes that you've properly locked down your Postfix boxes and the OS on which they run, and monitor them as you should.
Kurt
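One way to check a firewall rule table against the "Postfix boxes only, Exchange server only" scoping described in the reply above. This is an added example, not part of the original thread; the addresses, rule names and the rule-tuple format are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the thread)
DMZ = ip.ip_network("192.0.2.0/24")
LAN = ip.ip_network("10.0.0.0/16")
POSTFIX = {ip.ip_network("192.0.2.10/32"), ip.ip_network("192.0.2.11/32")}
EXCHANGE = ip.ip_network("10.0.5.25/32")

# Constructed allow rules: (name, source, destination, protocol, destination port)
RULES = [
    ("relay1-to-exchange", "192.0.2.10/32", "10.0.5.25/32", "tcp", 25),
    ("relay2-to-exchange", "192.0.2.11/32", "10.0.5.25/32", "tcp", 25),
    ("dmz-smtp-any", "192.0.2.0/24", "10.0.0.0/16", "tcp", 25),
    ("relay1-rdp", "192.0.2.10/32", "10.0.5.25/32", "tcp", 3389),
    ("lan-to-dmz-ssh", "10.0.0.0/16", "192.0.2.0/24", "tcp", 22),
]

def audit(rules):
    """Return (findings, missing): over-broad DMZ-to-LAN rules, and relays with no valid rule."""
    findings, covered = [], set()
    for name, src, dst, proto, dport in rules:
        s, d = ip.ip_network(src), ip.ip_network(dst)
        # Only rules that can carry traffic from the DMZ into the LAN are in scope
        if not (s.overlaps(DMZ) and d.overlaps(LAN)):
            continue
        problems = []
        if s not in POSTFIX:
            problems.append("source is not a single Postfix relay")
        if d != EXCHANGE:
            problems.append("destination is not the Exchange host alone")
        if (proto, dport) != ("tcp", 25):
            problems.append("service is not tcp/25")
        if problems:
            findings.append((name, problems))
        else:
            covered.add(s)
    missing = sorted(str(n) for n in POSTFIX - covered)
    return findings, missing

if __name__ == "__main__":
    print(audit(RULES))
```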