ScoobyNet.com - Subaru Enthusiast Forum


BlkKnight 10 August 2010 01:52 PM

Internet facing Exchange 2010?
 
Hi All,

Just had the joyous task of migrating from Exchange 2003 (on 2000 server) > 2010 (on 2008R2).

Back in the day when I last looked at this, it wasn't sensible to have a Windows box facing the web.

We got round this by using a pop3 connector.

Now, I'm thinking of having the mail redirected through our firewall to the server directly. Is this a smart idea?

Additionally, I'm thinking about setting up OWA so that it is accessible to our users. Is this a smart move security-wise?

We don't have the resources to have another front end server to handle the mail redirects - so additional machines are not an option.

Thanks in advance

J

Andy Tang 10 August 2010 02:10 PM

Most people will have SMTP traffic coming from the internet directly to their Exchange server. Ensure you are only allowing SMTP traffic in!

IMHO this is OK, but ideally I would relay the traffic via some sort of scanning solution, whether it's an SMTP relay internally to scan for viruses, spam, etc., or via a third-party hosted solution such as Websense, MessageLabs, etc.

I understand if you don't have the budget for this type of solution, but think of the admin headache and budgeting for a larger Exchange server, just to cope with the spam!

Again, I know plenty of companies who open up OWA, some without an SSL certificate! :eek: Personally, to secure the OWA traffic, I would look at one of two solutions. One is an ISA/TMG server with an SSL certificate to reverse proxy the connection into your network. That way the connection from the internet is held on the ISA/TMG server, and the server then connects with the Exchange server, preventing a direct connection from the internet to your Exchange server.

The other way is to use an SSL VPN solution, where again you reverse proxy the communication and also allow other applications to be securely delivered to your users, such as intranet, Sharepoint, file access, etc.

Forgot to mention, I'm by no means an Exchange expert, but I work with network security solutions at a distribution level, so I speak to a fair number of resellers regarding their customers' setups!

BlkKnight 11 August 2010 04:06 PM

Cheers Andy.

My gosh the hosted services aren't cheap.

For our use - works out to be over a grand per annum.

I've got the pop3 connector working in the meantime.

I'll persuade people to do OWA over VPN - got to be the best way in terms of cost (and my skill level!).

Andy Tang 11 August 2010 05:09 PM

I know Websense is £14 per seat per year, but also that is software, hardware and support you don't need to provide to the solution! I'm sure a deal could be had if it were end of month/quarter! ;)

