May 22nd, 2005 05:46 AM
I don't buy it. Those are weak excuses for bad policies. I'm not aware of any problems with Exchange working in a DMZ, as long as the clients inside the trusted network initiate the connection, even so, lets say you dont want Exchange in a DMZ because it sucks, fine. You run a fetchmail from your Exchange to get the mail from the DMZ. As for passwords, DONT USE PLAIN TEXT PROTOCOLS, this isnt 1985, Exchange and everyother groupware solution on the planet supports secure authentication, besides if someone 0wns the relay server in the DMZ, they can read all the mail anyway and dont need any passwords. You should not allow conections from the DMZ to the trusted network, its not secure.
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier