relay from dmz in

[jdl508]

Hello,
I have an exchange 5.5 server on NT4 in my domain. This server dials out through etrn to retrieve our mail every 15 min. I am now ready to connect oyur mail server to a static internet connection but want to be secure about it. I have decided to use an smtp relay server in our dmz to reroute the mail into our exchange server. We use a PIX firewall. What is the best way to do this? there isnt a whole lot of info on the internet about it. I have read to just use iis as a relay but it would seem more secure to use exchange and just use it to relay in. Do I need the relay server to be a member of the exchange organization? I want it to just be a standalone box that can only pass port 25 and 110 to and from ip address xxx.xxx.xxx.xxx, Thanks for any replies
jdl

 

[jdl508]

Anyone have an ideas on this???

 

[bp1169]

We have a very similar setup that works very well. We use a pix, a spam filter/relay in the dmz, and exchange on the inside. We forward all outbound email from exchange to the relay (the relay then uses dns to forward to the internet). Once the inbound mail hits the relay, we forward all inbound mail to the static dmz ip of the exchange box. The relay is in no way associated with exchange, exchange knows it as just another smtp server.

We do not use pop so we only allow smtp into the relay and exchange box via the pix. We have one acl that allows smtp to hit the relay, and one acl that allows the relay to connect to exchange on port 25. We only allow domains contained in our organization to be relayed.

Hope this helps.