Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
709
Views
0
Helpful
1
Replies

PIX & Mail Server

gbiettler
Level 1
Level 1

‎09-25-2002 09:04 PM - edited ‎02-20-2020 10:16 PM

Where is the most secure place to put the mail server? Inside the PIX? Outside? DMZ? and why?

0 Helpful
1 Reply 1

steve.barlow
Level 7
Level 7

‎09-26-2002 05:51 AM

You should place your mail forwarders/scrubbers (ideally one for inbound and one for outbound - increased load balancing, fault tolerance, security) on the DMZ and have your mail server on the inside. The mail forwarders can scan for virus' etc before they enter your environment or leave your environment. No one on the internet should have direct access to your internal network. That is what the DMZ is for. The internet should have access to the mail forwarders over certain ports (eg 25) at that's it. The forwarders then would have access to your internal mail server only over port 25 or whatever you want. This way, if your forwarders are compromised, they still don't have access to your internal network. It adds another layer of security. And of course use NAT between all the interfaces.

Hope it helps.

Steve

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card