Re: [Exim] OT - Why you should not put Exchange on the Inter…

Top Page

Reply to this message
Author: Richard Welty
To: exim-users
Subject: Re: [Exim] OT - Why you should not put Exchange on the Internet.
this seems awfully offtopic, but i'll chip in anyway.

On Thu, 22 Jan 2004 18:49:54 -0600 Phil Brutsche <phil@???> wrote:
> I can verify that to be the truth (we're about to contaminate our office
> with Exchange 2003).

> Outlook, when used as an Exchange client, needs to communicate with the
> Exchange server on TCP port 135 - the infamous Windows RPC port. Not
> all traffic is on port 135, however - it also negotiates alternate port
> numbers.

this is true if you use MAPI. Outlook can (or used to be able to) use ordinary
pop3 and imap w/o going into these modes, and Exchange used to be able to
talk pop3 and imap ok. it's been a few years since i fought with this stuff,

> > If they're concern is having access to their Exchange calendars and
> > other stuff, use the web client - "Outlook for the web" or some such
> > thing. I believe it comes with Exchange.

> That's not even safe, 'cause then you're exposing IIS to the 'net ;)

i have one client i set up with an OpenBSD/Apache web server
in their DMZ, proxying only certain URLs to the Internet Insecurity
Server on the inside. this mitigates a lot of the M$ braindamage,
as some of the most infamous IIS exploits involved poking at certain
double sekrit URLs that nobody knew IIS responded to.

Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security