Hi Patrick, I've set up some solutions like this for some customers.
What we have done is the following:

A web server in the DMZ (Apache or IIS, it doesn't matter technically, but I don't want to restart a religious war...).
Exchange server in the LAN, with IIS.

Because IIS has to speak RPC with Exchange, and we don't want to see this protocol through the firewall, Exchange 2000 permits putting another web server in front, requesting only HTTP (a kind of proxy).

Users have to use a 128-bit SSL link from the client to the proxy in the DMZ. Then HTTP from the DMZ to the inside.

Concerning anti-virus: I strongly recommend Sybari's ANTIGEN. A very good and stable AV for Exchange, using 2 different engines (the list is long; see www.sybari.com).

So POP3 was not needed.

Concerning incoming mail, you can add a layer by installing a mail relay in the DMZ. We sometimes use an IIS with GFI MailEssentials. Very good and stable. (Win32 shop.) Or you can put in some *nix mail, with anti-spamming rules, etc.

A good option is to mix the OSes: *nix in the DMZ, and Win32 in the LAN, in this case.

You can contact me off-list, should you require more detailed info and the schemas we have already done...

Needless to say, all DMZ and internal servers have to be fully patched, stripped down, etc. Sometimes a good IDS in the DMZ (Snort... works on *nix and Win32) adds some more security.

Good luck
Max

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 19 March 2002 22:26
To: [EMAIL PROTECTED]
Subject: Setting up Exchange Server

Hello Everyone,

In the next week or so I am supposed to set up an Exchange server for my company. The server is going to be Exchange 2000 and it will be placed in a pre-existing Active Directory setup. Currently we are using a third party to host our mail services. So I have been tasked with building and securing the new mail system. Things that I must provide for my users are the ability to view their mail from the web and the ability to pop mail off the server.
I have done some searching on Google about web mail and Exchange and it seems the best practice is to not allow it on the Exchange server itself. I am looking for suggestions on what my best options would be for setting up a web mail interface. I also have the same question for popping mail off the server. I don't want this to take place on the Exchange server either, due to the inherent security risks of virus infection and other things. I am wondering if it would be best to have a nix mail server handling all the incoming mail and then handing that off to the Exchange server. I guess my second question on this point is: is it OK to allow POP off the nix server along with web mail if the system is properly secured?

My next question is what line of virus/content filtering software does the list recommend? I am much more concerned with catching and containment of viruses than I am with the content filtering side of things.

Any suggestions would be greatly appreciated, on or off list. Also, if you can tell me of any pitfalls I might run into along the path of setting this all up, please let me know.

Thanks in advance for any help.
Patrick

P.S. I would rather use Notes for our company but management is dead set on Exchange. If only we were using Notes then I wouldn't be asking such questions, but I am getting off topic. Thanks in advance again for any help.
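Added example, not part of either message: a small audit of firewall permit rules against the flows the reply describes (SSL from clients to the DMZ proxy, HTTP from the proxy to Exchange, mail through the DMZ relay, no RPC and no POP3 across the firewall). The addresses, the sample rules and the default ports 443, 80 and 25 are assumptions made for the illustration.

```python
import ipaddress

# Constructed addresses for the hosts in the message (assumptions, not from the thread).
ZONES = {
    "dmz_proxy": ipaddress.ip_network("192.0.2.10/32"),
    "dmz_relay": ipaddress.ip_network("192.0.2.25/32"),
    "lan_exchange": ipaddress.ip_network("10.0.0.5/32"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")
# Flows the message describes: SSL to the proxy, HTTP inward, SMTP via the relay.
ALLOWED = {
    ("internet", "dmz_proxy", 443),
    ("dmz_proxy", "lan_exchange", 80),
    ("internet", "dmz_relay", 25),
    ("dmz_relay", "lan_exchange", 25),
}
REASONS = {
    135: "RPC endpoint mapper permitted through the firewall",
    110: "POP3 permitted although the design does not need it",
}

def zone_of(cidr):
    """Map a rule's CIDR to a named zone; 0.0.0.0/0 counts as the Internet."""
    net = ipaddress.ip_network(cidr)
    if net == ANY:
        return "internet"
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "unlisted"

def audit(rules):
    """Return (rule, reason) for each permit rule outside the described design."""
    findings = []
    for src, dst, port in rules:
        if (zone_of(src), zone_of(dst), port) not in ALLOWED:
            reason = REASONS.get(port, "flow not in the described design")
            findings.append(((src, dst, port), reason))
    return findings

# Constructed sample permit rules: (source CIDR, destination CIDR, TCP port).
SAMPLE_RULES = [
    ("0.0.0.0/0", "192.0.2.10/32", 443),
    ("192.0.2.10/32", "10.0.0.5/32", 80),
    ("192.0.2.10/32", "10.0.0.5/32", 135),
    ("0.0.0.0/0", "10.0.0.5/32", 110),
    ("0.0.0.0/0", "192.0.2.25/32", 25),
]
for rule, reason in audit(SAMPLE_RULES):
    print(rule, "->", reason)
```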