I saw the draft. I think you're making yourself an unnecessary hard life with that proxy running 2 eths. Place the proxy INTO the DMZ not in front of it. <snip> ok, changed and uploaded.
<going into technical details> Proxy Fine. And now you make the proxy a Linux box running Squid http/ftp proxy. It's easy to set up, it's not Windows and therefore it's more secure. Technical Detail: You have to learn about passive ftp if you want to run a Squid proxy. If you want to save up this proxy box in your draft, you can put Squid on the firewall protecting your internal LAN. Mail Filter Attachment filtering can happen on the mailserver itself. If you set up an exchange server, attachment filtering is well supported. if you don't need the functionality of exchange server, then set up a linux box running postfix for smtp and some pop3 server. Postfix mailer daemon is ultra easy to set up and is very nice for filtering attachments. Moreover postfix is quite secure. Philipp