I'm looking for help both from Linuxquestions and VMware forums since I'm not sure which place would be best to look. I'm setting up a Sendmail server on top of FreeBSD and have read that it's a good security practice to place the SMTP gateway in the DMZ and the mail servers in the LAN. I would like to know if anyone has any experience doing this with VMs, one in the DMZ and one on the LAN.

As for possible security issues, I know that it could be possible to compromise the DMZ VM and possibly get to the LAN VM but, I think the risk is low as VM security is still decently high. Would I be better to use 2 separate boxes?

Thanks in advance

if you mean you have two seperate network connections into a single VMware server instance with a vSwitch for each nice, one for LAN and one for DMZ then in theory your fine, but it's pretty ugly to be using different security zones on a single platform. Your DMZ systems would be much more likely to be physical machines and not VM's for various security reasons. If you are looking for better security then I would often put low level security zone separation before best practises of SMTP traffic.

depending on your security architecture, many linux / bsd based firewall distro's, e.g. smoothwall, pfsense, ipcop, astaro can provide the SMTP gateway functionality within a security device, which might be a simpler way to get what you're alluding to.