Firstly, apologies, I am a newbie.
I would be most appreciative if anyone can help me with the following setup:
I am trying to get my MS Exchange server 5.0 to route through our Checkpoint firewall to our ISP to send and receive mails. We are using Checkpoint Firewall-1 v4.0 on a dual-homed NT system. I can send mails out, but not receive them. The sender receives an "unroutable mail domain" error message. I have asked our ISP to forward any mail with "@ourdomain.co.uk" onto the IP address of our firewall but I'm not sure what to do from that point on or what needs to be configured within the firewall to allow the incoming mails to see the mailserver. I have allowed SMTP but do I need to tell my ISP to forward mail onto another free external IP address rather than the FW and use static NAT to translate this to the internal address of the mailserver?
Also, am I right in thinking that this seems to pose an obvious security risk? Would it be better to put another network card into the firewall and set up a DMZ with some sort of SMTP gateway/proxy as a go-between? In this instance, would I tell my ISP to forward mails onto the firewall IP address or onto the IP address of the SMTP Proxy server? Do you know of any software that can be used as the SMTP relay/gateway (I have a copy of MS Proxy server v2.0 but I'm not sure if it can do the job)?
Also, we don't host our own DNS server, so would this cause a problem or can we just forward DNS queries onto our ISP's?
Any help would be *much* appreciated, and sorry if I've asked stupid questions; I'm still learning.