Email Server placement

przyboro · ‎04-04-2003

Our current setup, which is being used until I get the new hardware working, is such that we have two routers with the internal router providing NAT and static routes to specific inside servers such as the web server and the mail server. No DMZ, just an inside and an outside network.

I am creating a new perimeter setup for our move to a new ISP and new hardware. I have a 1721 connecting to the ISP and several routable IPs provided by the ISP. Behind the 1721 I have a PIX 515E which creates a perimeter network for me with an outside, dmz, and inside networks.

I am having a hard time trying to figure out what would be the best scenario for our Lotus Notes email server. Should I place the server in the DMZ where it could do its work. Will I have problems with clients communicating with the email server in the DMZ? Or is a better solution to keep the server on the inside and put some kind of an email relay server in the DMZ? Our Lotus Notes server is more then just an email server, it also holds a few Lotus Notes databases and documents.

I guess I am looking for a best practice scenario.

thanks,

Rodney P.

mbettis · ‎04-04-2003

Well what the documentation says and what I have been reading is to put an email server on a DMZ.

What we have been looking at is putting a (linux) mail relay on the DMZ to relay email from outside to the inside. So mail would come in from internet to DMZ mail relay then to "inside" of our network. This way we could filter and all of that jazz. If we somehow got hacked it would be the relay and not the mail server.

Hope this helps,

Matt

przyboro · ‎04-07-2003

Thanks for the reply. At this point I am testing with IIS 5.0 SMTP. I am however unable to figure out how to pass/relay email into the inside network. I am not sure how I could let the relay server know where the actual mail server is located.

Rodney P.