External SMTP server

Hi,

We currently use an email/hosted Exchange server (provided by a 3rd party company).

Our production DNS (RH5) server has got the MX rec configured for this 3rd party mail relay server. So in order to resolve hostnames to send outbound mails, an A record entry is also required on the external DNS server based on individual servers' public IP address (in order to relay mails outbound).

The following concern has been raised re security:

  • Having public addresses on a public DNS; servers are advertised publicly therefore security risk.

In my opinion the production servers are located in the DMZ and so no internet facing IP can traverse onto the LAN without hitting the DMZ.

With the outbound connection configured on the external fw to only allow certain IP address to connect to a certain destination address - so this should remove any risk, as no one would see it.

Question: Would it be better practice to create our own SMTP server and have one public IP address presented to the external DNS server or is this an unnecessary overkill?

...interested in your thoughts/opinions on this.

Regards,
D.

It's normal to have the A records of MX records public.

There is an old saying: "Security by Obscurity is NOT Security."

So, your goal would be to correctly secure the MX server, not hide it somehow.

1 Like
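
An added example (not part of the thread, and not either poster's code) of the check the reply points toward: compare what the zone publishes with what the external firewall admits from any source. The zone snippet, firewall rules, host names and addresses are all constructed assumptions.

```python
import ipaddress

# Constructed sample zone (example.com and documentation IP ranges, not from the thread).
ZONE = """\
$ORIGIN example.com.
@      IN MX 10 relay.mailhost.example.
app1   IN A  203.0.113.10
app2   IN A  203.0.113.11
"""

# Constructed inbound allow rules on the external firewall: (source, destination IP, TCP port).
INBOUND_ALLOW = [
    ("0.0.0.0/0", "203.0.113.11", 22),         # published host, SSH open to any source
    ("0.0.0.0/0", "203.0.113.12", 25),         # no DNS record at all, SMTP open to any source
    ("198.51.100.0/24", "203.0.113.10", 443),  # published host, restricted source only
]


def parse_a_records(zone_text):
    """Return {fqdn: ip} for the A records of a simple one-record-per-line zone."""
    origin, records = "", {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif len(fields) >= 3 and fields[-2] == "A":
            name = fields[0]
            fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
            records[fqdn] = fields[-1]
    return records


def internet_exposure(zone_text, inbound_allow):
    """Map each IP reachable from any source to its open ports and DNS name (None if unpublished)."""
    names = {ip: fqdn for fqdn, ip in parse_a_records(zone_text).items()}
    exposed = {}
    for source, dest, port in inbound_allow:
        if ipaddress.ip_network(source).prefixlen == 0:  # rule matches every source address
            entry = exposed.setdefault(dest, {"name": names.get(dest), "ports": []})
            entry["ports"].append(port)
    return exposed


def published_not_internet_open(zone_text, inbound_allow):
    """Published hosts that no any-source inbound rule reaches."""
    exposed = internet_exposure(zone_text, inbound_allow)
    return sorted(fqdn for fqdn, ip in parse_a_records(zone_text).items() if ip not in exposed)
```

On the constructed data, app1 is published yet has nothing open to the internet at large, while 203.0.113.12 has no DNS record and still accepts SMTP from anywhere.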