If you look in TechNet there's a way to set your MAPI server (Exchange) to
use static ports for its communications to clients, instead of random
ports.  By implementing this change, you could set up OWA in the DMZ, and
just open those ports from the OWA server to the Exchange server.  It's
still not elegant, but probably the best solution given the alternatives.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 11, 2000 5:28 AM
To: [EMAIL PROTECTED]
Subject: secure webmail and firewall issues...


Hi,
Since I got the wonderful incumbency of setting up a secure webmail
for my org, I've been thinking how these "free-webmail-service people"
design their sites... The problem is we need to implement it using
"outlook-web", "pdc" and "exchange". Considering the way they
communicate, it seems to Microsoft God has made the world flat.
But then came firewalls, and firewalls divided "outlook-web" from
"pdc and exchange", and they were never more able to talk without a
big hole between our external and internal nets.

The first alternative was reverse-proxying the connection to our
internal net, where outlook-web, pdc and exchange all live.
If someone exploits outlook-web, he gets the internal net; that's
exactly what we're trying to avoid.

The second alternative was DMZing the outlook-web. But still we got the
[135,137,138,139,1024-65535] tcp/udp hole pointing to pdc and
exchange. So if outlook-web is taken, pdc and exchange are exposed.
Looks better, but does it look secure?

I've been looking at IMP from horde.org [free webmail] and it looks good
'cos you only need IMAP opened from dmz to internal net. Has anybody
been using it successfully?

That's it. I need message-retrieving, I need authentication, I need
web interface, and I need it to be secure.
Please, don't tell me I need to pray...

Thanks in advance!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]