Sorry, to clarify, the SMTP traffic would be internet mail traffic
to/from the Exchange server only.

The clients will be connecting either using OWA, or with Outlook from a
Citrix full desktop.


Regards,


Rob Ellis

Network Manager
Profectus IT
Tel 023 9224 7960
Mob 07974 111867

-----Original Message-----
From: Jon Butler [mailto:[EMAIL PROTECTED]] 
Sent: 06 June 2002 18:53
To: Exchange Discussions
Subject: RE: lesser of the evils - ssl or smtp

First rule: Don't ever let internet traffic talk directly to the heart of
your network. Stick something in the DMZ, be it an SMTP relay or an OWA
box, but never let 'em talk directly to your Exchange box. The real
question behind determining SMTP or OWA is (in my opinion) a question of
functionality -- they both do two totally different things. If you want
users to both send AND receive their email, you'll have to open POP3 in
addition to SMTP ... also allowing account passwords to transmit in plain
text. If you'd rather keep all the data sitting on the Exchange box, give
the users the additional calendaring, etc. functionality, and encrypt
authentication data -- but at the cost of not allowing users to work offline
-- then OWA is the way to go.
I recommend defining the needs, then making the decision based on that.

> -----Original Message-----
> From: Rob Ellis [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, June 06, 2002 1:26 PM
> To: Exchange Discussions
> Subject: lesser of the evils - ssl or smtp
> 
> 
> Ok, I've got a couple of scenarios, which of them is the least risky?
> 
> Exchange 2000 mailbox server on the LAN, accepting/making 
> connections using SMTP through a firewall to the internet
> 
> Exchange 2000 mailbox server on the LAN, accepting SSL 
> secured OWA connections from the internet, again, protected 
> by a firewall.
> 
> 
> Basically I am being told I may have to do both with the same 
> box, but I'd rather have the SMTP traffic going through a DMZ 
> based gateway running McAfee Webshield, and let the OWA 
> clients come into the internal box over SSL (which I see as 
> less of a risk than opening up port 25).
> 
> If you had to choose one of the 2 above scenarios, which would it be?
> 
> Regards,
> 
> Rob Ellis
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
> 
