smtp server and w2k domains

[Bojan Zivancevic]

Hi,

I was wondering what do to in this case: company's smtp and dns server (24h
online) publicaly available on the internet with exchange 2000. It is the
only server on the DMZ. Internal network has w2k domain.

I was NOT going to add this server to the domain (not even as a stand alone
server) because it's on the DMZ. But will I have any kind of problem
regarding communications with the domain members? Or the solution is to set
up another domain on this mail server and to enable trust relashionship with
the internal one?

Any help appreciated

Bojan

 

[Dajo Rybski]

I would never put my Exchange server in the DMZ.
Opening the ports needing for a trust relationship is not good since there
are so many and important ones your DMZ pratically gets pointless.

Put your Exchange server in the LAN and use a relay server in the DMZ or let
your firewall handle that.

Dajo

 

[Bojan Zivancevic]

OK, maybe I can do it differently. Exchange PC has two NICs, so I connect
LAN to the first card, router to the second one, start NAT on that server
and maintain firewall on the router?

Tell me what is the problem with Exchange and DMZ. I thought mail servers
can go to DMZ?

I realized Exchange needs domain connectivity. Is that the problem you
mentioned with DMZ?

Thanks

Bojan