Best Practice - Setting up Mail server in DMZ

[mizzy]

Hi there,

I have a test network complete with DMZ.

I have setup a Windows 2000 server in the DMZ.
This is a standalone server (not connected to any domain)
I installed Domino R5.0.8 on this server and enabled http.
I successfully configured domino server on this server.(opened port 1352)
I can ever replicate mail boxes to this server.(opened port 1352)
I can every read mail from mail boxes over the internet by entering the following URL in the browser

http://w.z.y.z/mail/luser.nsf.

However at no stage am I asked for a user id or password! Fantastic security.....not!

I need to know what is the best practice when setting up a mail server in the DMZ. This server will be used so that users can read their mail while on the road. (I've tried using POP but its a pain). This server has to be as secure as possible. Imagine someone screwing around with names.nsf!!

Thanks

p.s. I will not be hosting a web site on this server so I do not need IIS. But would it improve security if IIS was installed?
p.p.s. w.x.y.z is the untrusted IP address of firewall.
p.p.p.s. I forward port 80 to my domino server on the DMZ.

 

[gamesman]

Check your ACL and set Anonymous to "No Access".

Jeff Hughes
MT(ASCP), MCP, CIW, CNA