In our current setup, the mail server is connected in the internal network as mentioned below:
Internet request --> Firewall --> Network load balancer --> Zimbra mail server.
Our clients are using Outlook + Zimbra web mail.
The ports below are open on the internet:
443 --> for webmail
80 --> for antivirus update
We are supporting 1000 users with 2 different domains on a single-server installation, and maybe in the future we will migrate to a multi-server installation for horizontal scalability.
Now our architecture team is suggesting moving the mail server to the DMZ network.
I have gone through a few DMZ-related posts in this forum.
I just need to understand: is this a best practice? And which things do we need to consider from a security aspect?
Thanks in advance.