The headquarters of my company wants to take over all email for the subsidiaries. They are proposing an exchange server (located in Europe) behind a firewall so remote users would need to authenticate (using a SecureID token) to check email. This seems a bit over the top to me.
We are located in the USA and currently have a mail server in a DMZ which allows POP3 and SMTP traffic to the mail server. This setup works very well and I have tuned the spam filtering to the point that I don't think it could be any better. Our parent company has made questionable decisions in the past and don't seem to have a clue about the US market. We wouldn't consider having phone calls routed to Germany and I think email is just as important.
Long story short here...what are some thoughts about having mail servers located in a DMZ vs. located behind a firewall. Some arguments for my way of thinking:
- Email is not secure by its nature and having to authenticate to check email adds an unnecessary inconvenience factor especially if you need to supply a random token.
- The DMZ option is more secure for the internal network. True?
- If something fails, I have a chance to fix it quick. If everything is in Europe and the Europeans are gone for the weekend we're screwed.
Any comments on my points or other arguments for or against?
TIA,
-jeff