Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Ronald Eakins (reakinsHERAEUSMTD.COM)
Date: Fri Apr 27 2001 - 17:35:42 CDT
This appears to be overkill. Why install a second exchange server, or put
the exchange server outside the firewall at all?
An smtp forwarder which could include antivirus software like McAfees
WebSeild SMTP (the whole thing in one package - smtp forwarder and antivirus
software) can sit outside in the DMZ and forward the mail to your Exchange
box. The only open port you need is 25 for the WebShield or you can specify
it to send to a more obscure port of your choosing. Set your MX record to
the outside world to the SMTP forwarder, and email away. This prevents you
from opening ports 135, etc and there need be no user names/passwords on the
smtp server whatsoever that coincide to any thing in your real world
All the authentication will stay on the inside!
BTW, Microsoft says (if I recall correctly) not to change the Domain of an
installed exchange server, and Exchange needs to be on a PDC or BDC. Last
time I tried to install it on a normal server, it failed miserably with a
"no, no, no" message related to this.
From: Brian Cervenka [mailto:brianBE-BEE.COM]
Sent: Wednesday, April 25, 2001 2:52 PM
Subject: Domain questions
I have an NT domain with ~30 desktop users and a box running as PDC and also
running Exchange 5.5.
In order to facilitate future expansion, I am adding two separate machines
to become PDC/BDC, and let the Exchange box just do exchange. I would like
to at the same time, create a new domain from scratch and make new
accounts/groups for everyone.
I have the following questions:
- Will it be possible to have the Exchange box in the old domain 'A' and the
real network in the new domain 'B'?
(I realize I would have to go through and change the 'Primary NT Account'
for each user)
- Will there need to be some sort of trust relationship between the new PDC
and the Exchange box?
- Will all the user mailboxes survive this change? (I don't see why not, but
maybe I'm missing something...)
If I want to put a firewall between the users and the exchange box, do I
just allow udp/137 and udp/138 between the internal net and the exchange
box? (There would be a DMZ1 with the real net servers, and a *nix box
forwarding external stuff to the Exchange box which is in a DMZ2). I guess I
would need to have the exchange box point to an internal WINS box? Will this
allow the standard NT authentication exchange normally uses?