RE: [Exim] OT - Why you should not put Exchange on the Inter…

Author: SpamTalk
Date:  
To: Steve Thomas, Kevin Reed
CC: exim-users
Subject: RE: [Exim] OT - Why you should not put Exchange on the Internet.
> use the web client

NO! NO! NO!

OWA (Outlook Web Access) is NOT designed to provide internet access to
Exchange servers. It was designed to allow a large enterprise (hence why it
is available only in the Enterprise Edition of Exchange) to offload the
Exchange server from thousands of desktops beating on the primary server(s).
Worked great for an INTRAnet with a WAN; a department store used it to let
their store employees access internal mail without having to clutter low-end
desktops with a full Outlook or Office install and minimized their
utilization of the frame-relay circuits to the stores by setting QOS on the
port 80 traffic to the OWA servers.

Even properly installing it by "isolating" it behind an additional firewall
interface is dicey at best. The OWA server has to be a member of the domain
and there are about 15-20 holes you have to punch in the firewall to get it
to talk to a GC and the primary Exchange server(s). A very high risk
security footprint and a very foolish thing to do. I liken it to building a
woodshed using the handle of a Craftsman screwdriver as a hammer (so you can
take it back to Sears for replacement after you chip the handle off the
shaft).

If you must provide internet access to Exchange, use terminal services or
IPSEC/VPN tunnels to create a virtual connection to the LAN; even then you
need to install group policies to require AV and other security requirements
on the machine making the VPN connection so it does not bring a virus in behind
the firewall.

Best Regards, Bob

> -----Original Message-----
> From: Steve Thomas [mailto:lists@sthomas.net]
> Sent: Thursday, January 22, 2004 3:00 PM
> To: Kevin Reed
> Cc: exim-users@???
> Subject: Re: [Exim] OT - Why you should not put Exchange on
> the Internet.
>
> On Thu, Jan 22, 2004 at 12:26:50PM -0700, Kevin Reed is
> rumored to have said:
> >
> > Is there a document or website that has a good hit list of why this is
> > a bad idea.
>
> I don't work with Exchange, so I can't say that this is a
> verified fact, but I read somewhere (NANOG maybe?) that
> Exchange requires SMB communication with the client. That in
> itself would be enough to convince me not to put it on the 'net.
>
> If their concern is having access to their Exchange
> calendars and other stuff, use the web client - "Outlook for
> the web" or some such thing. I believe it comes with Exchange.
>
>
> --
> "The difference between pornography and erotica is lighting."
> - Gloria Leonard
>
> --
>
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details
> at http://www.exim.org/ ##
>