Q

How is internal mail channeled through an enterprise firewall?

WIth public mail servers located in a DMZ, what keeps a firewall from stopping an organization's internal mail? Network security expert Mike Chapple explains how an SMTP relay server coordinates email transmissions.

If public mail servers are located in a DMZ, what is the procedure for channeling internal mail through the firewall?
To channel internal mail through the firewall, many organizations use a Simple Mail Transfer Protocol ( SMTP) relay server in the DMZ. The enterprise email server (e.g. Microsoft Exchange) sits on an internal network and interacts with users. External parties wishing to send email via SMTP can connect to the SMTP relay system in the DMZ, which is listed as the mail exchanger in DNS. The SMTP relay then accepts -- or denies, according to policy -- inbound messages and relays them to the internal mail server.

Similarly, when the internal mail server receives a message destined for an external network, it accepts the message...

from the client and then passes it to a DMZ's SMTP relay. The relay then forwards the message to the destination server. This architecture prevents direct connections from the Internet to the internal mail server, providing a layer of isolation.

As an added bonus, you can use a spam-filtering device as your SMTP relay. Devices like SendMail's Sentrion appliances and the Barracuda spam firewall are popular tools that can reduce the spam-filtering burden on clients.

More information:

  • Learn more about how to configure a DMZ.
  • When it comes to a DMZ setup, learn where enterprise users belong.
  • This was last published in August 2007

    Dig Deeper on DMZ Setup and Configuration

    PRO+

    Content

    Find more PRO+ content and other member only offers, here.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close