Ask the Expert

How is internal mail channeled through an enterprise firewall?

If public mail servers are located in a DMZ, what is the procedure for channeling internal mail through the firewall?

    Requires Free Membership to View

To channel internal mail through the firewall, many organizations use a Simple Mail Transfer Protocol (SMTP) relay server in the DMZ. The enterprise email server (e.g. Microsoft Exchange) sits on an internal network and interacts with users. External parties wishing to send email via SMTP can connect to the SMTP relay system in the DMZ, which is listed as the mail exchanger in DNS. The SMTP relay then accepts -- or denies, according to policy -- inbound messages and relays them to the internal mail server.

Similarly, when the internal mail server receives a message destined for an external network, it accepts the message from the client and then passes it to a DMZ's SMTP relay. The relay then forwards the message to the destination server. This architecture prevents direct connections from the Internet to the internal mail server, providing a layer of isolation.

As an added bonus, you can use a spam-filtering device as your SMTP relay. Devices like SendMail's Sentrion appliances and the Barracuda spam firewall are popular tools that can reduce the spam-filtering burden on clients.

More information:

  • Learn more about how to configure a DMZ.
  • When it comes to a DMZ setup, learn where enterprise users belong.
  • This was first published in August 2007

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: