Re: [Exim] OT - Why you should not put Exchange on the Inter…

Top Page

Reply to this message
Author: Edgar Lovecraft
Date:  
To: exim-users
Subject: Re: [Exim] OT - Why you should not put Exchange on the Internet.
> Date: Thu, 22 Jan 2004 20:23:00 -0500 (EST)
> From:        Richard Welty <rwelty@???>
> To:        exim-users@???
> Subject:    Re: [Exim] OT - Why you should not put Exchange on the
> Internet.
> this seems awfully offtopic, but i'll chip in anyway.

please do!

>
> On Thu, 22 Jan 2004 18:49:54 -0600 Phil Brutsche <phil@???>
> wrote: > I can verify that to be the truth (we're about to contaminate
> our office > with Exchange 2003).
>
> > Outlook, when used as an Exchange client, needs to communicate with
> the > Exchange server on TCP port 135 - the infamous Windows RPC port.
> Not > all traffic is on port 135, however - it also negotiates alternate
> port > numbers.
>
> this is true if you use MAPI. Outlook can (or used to be able to) use
> ordinary pop3 and imap w/o going into these modes, and Exchange used to
> be able to talk pop3 and imap ok. it's been a few years since i fought
> with this stuff, though.
>

Still can be on both sides..

> > > If they're concern is having access to their Exchange calendars and
> > > other stuff, use the web client - "Outlook for the web" or some such
> > > thing. I believe it comes with Exchange.
>
> > That's not even safe, 'cause then you're exposing IIS to the 'net ;)
> i have one client i set up with an OpenBSD/Apache web server
> in their DMZ, proxying only certain URLs to the Internet Insecurity
> Server on the inside. this mitigates a lot of the M$ braindamage, as
> some of the most infamous IIS exploits involved poking at certain double
> sekrit URLs that nobody knew IIS responded to.
>

And I also know and work with (and am one) person who knows how to properly
configure an IIS server and have yet to be hacked, not that I am inviting
any one to try :P
Besides, it is just as easy to hack into an improperly configured *NIX box
running apache.
Lotus Notes on the other hand offers very good calendering and
'other stuff' and has very few known (if any) hacks, but the OS it is
running on is still vulnerable.
--

--EAL--