Computing.Net > Forums > Windows NT > Firewall Design and Email Server locatio

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Firewall Design and Email Server locatio

Reply to Message Icon
Original Message
Name: Steve Graham
Date: May 29, 2002 at 06:58:49 Pacific
Subject: Firewall Design and Email Server locatio
Comment:

I would like to know the best way of designing a Firewall with regard to handling incoming and outgoing email. I know I should put the email server on a DMZ, but think I would then also have to allow conduits from the DMZ to the internal network to allow clients to collect and send their mail or have an internal email server as well. I'm concerned about the ports I would have to open up between the DMZ and inside interface, because I've heard about port re-direction attacks.


Report Offensive Message For Removal

Response Number 1
Name: Robb
Date: May 29, 2002 at 18:11:14 Pacific
Subject: Firewall Design and Email Server locatio
Reply: (edit)

There are general rules. But unless you describe the setup and os you are using it's a case of suck it and see.

If you are using SendMail, then Linux has an excellent firewall capability that is easily installed and configured. Each user can use KMail or Outlook, depending on the client OS, without any hassle.

If you are unlucky enough to be using Windows of some flavour on your servers, then you are pretty well stuck with Exchange.

Best practice says, bang a hardware firewall on the router local interface (GNAT?) and off you go. Or you can use a software jobby and just IP everything out or in, depending on your preference.

One more thing. If someone wants to access your LAN, there isn't much you can do to stop them, despite what the 'experts' say. What you can do tho' is monitor activity so that you can take immediate action once the intruder is detected.

Go hardware to be sure. Don't use any kind of Proxy utility. They are rubbish and wouldn't keep my cat out. Besides, that's not what it's for.


Report Offensive Follow Up For Removal







Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Firewall Design and Email Server locatio

Comments:
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



Vga Port Dead?

Laptop Driver NEEDED

PHP 5 IIS 6 HTTP 401.3 error (REPLY

Monitor Settings Change by itself

Local Disk C: Problem

All Posts Awaiting Replies