Home > Ask the Security Experts > Network Security Questions & Answers > How is internal mail channeled through an enterprise firewall?
Ask The Security Expert: Questions & Answers
EMAIL THIS

How is internal mail channeled through an enterprise firewall?

Mike Chapple EXPERT RESPONSE FROM: Mike Chapple

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 17 July 2007
If public mail servers are located in a DMZ, what is the procedure for channeling internal mail through the firewall?

>
EXPERT RESPONSE
To channel internal mail through the firewall, many organizations use a Simple Mail Transfer Protocol (SMTP) relay server in the DMZ. The enterprise email server (e.g. Microsoft Exchange) sits on an internal network and interacts with users. External parties wishing to send email via SMTP can connect to the SMTP relay system in the DMZ, which is listed as the mail exchanger in DNS. The SMTP relay then accepts -- or denies, according to policy -- inbound messages and relays them to the internal mail server.

Similarly, when the internal mail server receives a message destined for an external network, it accepts the message from the client and then passes it to a DMZ's SMTP relay. The relay then forwards the message to the destination server. This architecture prevents direct connections from the Internet to the internal mail server, providing a layer of isolation.

As an added bonus, you can use a spam-filtering device as your SMTP relay. Devices like SendMail's Sentrion appliances and the Barracuda spam firewall are popular tools that can reduce the spam-filtering burden on clients.

More information:

  • Learn more about how to configure a DMZ.
  • When it comes to a DMZ setup, learn where enterprise users belong.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Network Security
    What are the differences between intrusion detection and intrusion prevention?
    Will there be DMZ routing issues if several firewalls serve as the default gateway?
    Should tunnel connections be initiated from an ISP to a internal data center, or vice versa?
    What are the top LAN security issues in a client-server network environment?
    What warning signs will indicate the presence of a P2P botnet?
    What reporting tools are available for an enterprise IDS?
    Is it possible to allow select access to IP addresses using Windows Server 2003?
    Is an IPsec VPN necessary when connecting remote servers that process financial transactions?
    What are best practices for creating an IDS and maintaining a signature database?
    What are the best ways to hide system information from network scanning software?

    DMZ
    Will there be DMZ routing issues if several firewalls serve as the default gateway?
    Should a domain controller be placed within the DMZ?
    If one server in a DMZ network gets attacked from outside, will the other servers be corrupted?
    A security checklist: How to build a solid DMZ
    What server considerations should be made when setting up an internal network's private applications?
    Microsoft NAP-TNC compatibility won't speed adoption, users say
    How do a DMZ and VPN work together?
    What are the risks of placing enterprise users in a DMZ?
    Infrastructure security: Remote access DMZ
    How to configure and implement a DMZ

    Email Security Basics
    Quiz: Email security essentials
    Sophos sees increase in malicious email attachments
    Secure messaging complications result in limited protection
    Podcast: Exchange security -- A quick primer
    Are Internet cafe users' email credentials at risk?
    Enigmail: Wrapping email in a digital security blanket
    Email authentication showdown: IP-based vs. signature-based
    Are challenge-response technologies the best way to stop spam?
    Researchers flag Symantec Mail Security flaws
    Serious Google Gmail flaw exposes sensitive user data

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    DMZ  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts