
mail relay to exchange

Status
Not open for further replies.

david902

MIS
Jan 6, 2000
160
US
a more secure solution to allowing any SMTP host to connect to your internal exchange server would be to configure a mail relay server in the DMZ.

outbound mail from the exchange server to the internet is an acceptable risk, as I am in control of the connection.

for inbound mail, I want mail to come into my DMZ and wait on a server until the exchange 5.5 server on the inside network goes out to the mail relay server and polls for new mail.

I have outbound mail working, I have inbound mail working, the inbound mail for the domain is sitting in a drop box waiting for the exchange 5.5 server to poll.

how do I get the exchange 5.5 server to poll the server in the DMZ say every 15 minutes, collect the queued inbound mail and then process it.

that should be enough for now.

 
well, if you want to make things complicated ...
all you have to do is set the timing in the x-400 connector between the 2 mail servers to poll every 15 min.
But I don't see why you are doing it this way.

If the solution is here, let us know it was helpful so others can benefit from it too
 
marcs41, the first rule of network security is:
Never let an untrusted system in your internal network.

I cannot verify, nor guarantee any future "MS vulnerability" that may allow the taking over control of a system via port 25.

I do know there are ways people can get all your corporate email addresses by querying your mail server.

thanks for the idea, i'll look into the x-400 connector.






 
Don't worry, I know about security, I just wanted to know why you were doing it that way. A decent Firewall can do just the same, with less hassle, and it will protect you from abusive use of port 25.
 

I don't see the point of having the exchange server poll the relay server every 15 minutes unless it's on a dial-up. The smtp port will always be open between the two, so you've always got that security risk.

Why not just get mail delivered to your relay server in the dmz and allow that to deliver to your exchange server. Our router and firewall take care of the protection of port 25 and if you are that concerned about security you can always install an IDS.

~ Remember - Nothing is Fool Proof to a Talented Fool ~
 
If there is an X400 between the 2 (internal - DMZ) there is no SMTP traffic.
But as for the second point, like I also stated, get a decent firewall. Whoever hacks the first (DMZ) box is very close to your LAN, since it will be trusted up to a point.
 
once I figured out how to map outside address to inside address on our *&^%$ 3COM firewall, and pointed the smarthost in the MS SMTP Virtual Server to the public natted address of the exchange server, the whole thing worked.

the reason I wanted to poll from the inside of the network was because I couldn't figure out how to map the outside IP to a private IP on the inside network.

 