On Thu, 2003-02-20 at 14:37, Scott H wrote:
> > From: Scott H
> > I have an Exchange server for company mail for about 1400 users.
> > My boss wants web-based email and POP/IMAP access from the
> > Internet. He agrees with me putting Exchange and Outlook Web Access
> > out there is not a good idea, from a security standpoint. So we're
> > looking for a good OSS solution. I know I can use products like
> > squirrelmail and Horde's IMP to provide a web-based email front
> > end, but how can I provide POP/IMAP clients access to their
> > Exchange mailboxes, without opening up ports to the Exchange box?
> > Is there OSS software that will do this?
> >
> > From: "Brian Tafoya"
> > Yeah... it is called Sendmail! ;-)
> > Now, if the web server running Squirrelmail (which is what I use)
> > and the exchange server are behind a firewall, that is not an
> > issue. Just open ports 80/443 to the web server and keep the IMAP
> > and POP ports blocked. :)
> > Brian Tafoya
> >
> > From: Mike Starke
> > I had a similar situation and here is how I had it configured:
> > 1. Debian/Apache (SSL) running IMP on the Intranet side
> >    (complete w/LDAP to addressbook)
> > 2. OpenBSD Firewall that redirected port 443 to server in #1
> > 3. #1 was on same LAN as Exchange, so they played happily together.
> > Never had a problem.
> >
> > Mike
>
> I can see from the responses I got on this question that I am
> obviously missing something. How is it sendmail, squirrelmail, and
> IMP are all being recommended to handle (in addition to operating as
> a web-based front end) IMAP/POP proxying in front of an Exchange
> server? How do I configure these to proxy POP or IMAP requests?
> (i.e. the user is out on the Internet, with a POP or IMAP client, the
> mail is inside the company, on an Exchange server - I want the client
> to connect through our firewall to a Linux box in the DMZ that will
> handle/proxy all the POP/IMAP requests between the client and the
> Exchange server inside on the LAN. The reason for this config is in
> order to not have to open the Exchange box to direct connects from
> the Internet, for security reasons). If this can be done with any
> regular mail server, my preference would be postfix, as I have
> experience with it.
> Hope this is clear, and thanks again,
>
> Scott
> ----

You need to learn about this - a dmz cannot be allowed to create communications to anywhere on the local lan, thus, it would never serve to have a webmail solution on a dmz with the primary mail server on a local lan...that would be dumb.

Exchange server is a sophisticated and expensive mail system and if the company is already invested in it, they should maximize their investment and use it.

I think that you are making too much of this. If it were me, I would have a firewall that forwards all incoming port 80 & 443 to the Exchange server and let it service it. I would also have it running OWA - Outlook Web Access and that would be the only way I would allow mail access from offsite. Thus offsite POP3 & IMAP requests would be stopped by the firewall. I would have this firewall receive inbound mail for the domain, probably process it with spam filtering/procmail recipe filtering etc. and then forward the mail to the Exchange Server for local delivery.

I think you are trying to make this overly complicated.

Craig