Exchange, DMZ, SMTP relay questions

Status
Not open for further replies.

rkmorrow

MIS
Jan 12, 2001
98
US
I have several best practice questions that maybe someone could help me with.

This is all in the initial stages of setup.

We have a PIX firewall IOS version 4.4, set up for our protection to the inside.
We have an Exchange server on the inside that has never been set up for outside mail. The Exchange server works locally and has ICS working on it; I have sent mail to outside accounts using this as the SMTP server.
Right now, there is a hole punched straight through (inside to outside) the firewall that allows POP3 connectivity.

There is a DMZ that has a 2k server on it that I would like to use as a SMTP relay to the exchange box on the inside.

My concerns are:
1. If the firewall has a statically mapped address from outside to inside, how do I set up the outside to DMZ rules for the relay box? The same address is used for the holes for 25 and 110 ports. I don't think the PIX will let me statically map the same address (outside) to DMZ and inside addresses.

2. Is normal practice to have POP3 connectivity go straight through or should that be relayed also?

3. Does the relay service work for just outside to inside, or do the internal people relay through the DMZ also?

Thanks for any help anyone can give,
rkmorrow
 
This shouldn't be too bad to set up.

>1. If the firewall has a statically mapped address from outside to inside, how do I set up the outside to DMZ rules for the relay box? The same address is used for the holes for 25 and 110 ports. I don't think the PIX will let me statically map the same address (outside) to DMZ and inside addresses.

You need to allocate an IP subnet to the DMZ, using private address space. Then alter the static conduit to point the outside IP address to the IP address of the mail server on the DMZ. You're correct in that you cannot use the same IP addresses on the inside and the DMZ.
The Exchange server on the DMZ then needs to be configured to connect to the server on the inside network. Also, you'll need to set up a conduit from the DMZ to the inside.

>2. Is normal practice to have POP3 connectivity go straight through or should that be relayed also?

In my experience I have never set up a PIX to allow POP3 through from outside, just use SMTP. You may have a particular reason for needing this?

>3. Does the relay service work for just outside to inside, or do the internal people relay through the DMZ also?

Inside to outside relay can either go straight out, as the server can use DNS to look up who it's delivering to, or you could relay via the DMZ if you need some additional processing on the outgoing mail. Some customers I deal with scan outgoing email for virus or porn checking. Like all things, it's 'it depends on what you want to do'!!
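Added example, not part of the original thread and not either poster's configuration: a small Python audit that compares the "hole punched straight through" layout with the DMZ relay layout described in the reply. The interface name `dmz`, all addresses, the `audit` helper and both sample configs are constructed assumptions, written in the classic PIX `static`/`conduit` syntax.

```python
import re

# Constructed sample: outside address mapped straight to the inside
# Exchange server, with SMTP and POP3 conduits open to any source.
BEFORE = """\
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255
conduit permit tcp host 192.0.2.10 eq smtp any
conduit permit tcp host 192.0.2.10 eq pop3 any
"""

# Constructed sample: outside address now points at the DMZ relay
# (172.16.1.10); only the relay may reach Exchange, and only on SMTP.
AFTER = """\
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
conduit permit tcp host 192.0.2.10 eq smtp any
conduit permit tcp host 10.1.1.10 eq smtp host 172.16.1.10
"""

STATIC = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+)")
CONDUIT = re.compile(r"conduit permit tcp host (\S+) eq (\S+) (any|host \S+)")


def audit(config):
    """Return (port, reason) findings for conduits that expose the inside
    network directly or publish non-SMTP ports to the outside."""
    # Global address -> (interface of the real host, interface it is visible on)
    statics = {g: (real_if, seen_if)
               for real_if, seen_if, g, _local in STATIC.findall(config)}
    findings = []
    for global_ip, port, source in CONDUIT.findall(config):
        real_if, seen_if = statics.get(global_ip, ("?", "?"))
        if real_if == "inside" and (seen_if == "outside" or source == "any"):
            findings.append((port, "inside host reachable from untrusted source"))
        elif seen_if == "outside" and port != "smtp":
            findings.append((port, "non-SMTP port published to the outside"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "no findings")
```
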
 