Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX & Mail Server

Where is the most secure place to put the mail server? Inside the PIX? Outside? DMZ? and why?


Re: PIX & Mail Server

You should place your mail forwarders/scrubbers (ideally one for inbound and one for outbound - increased load balancing, fault tolerance, security) on the DMZ and have your mail server on the inside. The mail forwarders can scan for virus' etc before they enter your environment or leave your environment. No one on the internet should have direct access to your internal network. That is what the DMZ is for. The internet should have access to the mail forwarders over certain ports (eg 25) at that's it. The forwarders then would have access to your internal mail server only over port 25 or whatever you want. This way, if your forwarders are compromised, they still don't have access to your internal network. It adds another layer of security. And of course use NAT between all the interfaces.

Hope it helps.