On Thu, 2003-02-20 at 14:37, Scott H wrote:
> > From: Scott H <scottlhenderson@yahoo.com>
> > I have an Exchange server for company mail for about 1400 users.
> > My boss wants web-based email and POP/IMAP access from the
> > Internet. He agrees with me putting Exchange and Outlook Web Access
> > out there is not a good idea, from a security standpoint. So we're
> > looking for a good OSS solution. I know I can use products like
> > squirrelmail and Horde's IMP to provide a web-based email front
> > end, but how can I provide POP/IMAP clients access to their
> > Exchange mailboxes, without opening up ports to the Exchange box?
> > Is there OSS software that will do this?
> >
> > From: "Brian Tafoya" <btafoya@briantafoya.com>
> > Yeah... it is called Sendmail! ;-)
> > Now, if the web server running Squirrelmail (which is what I use)
> > and the exchange server are behind a firewall, that is not an
> > issue. Just open ports 80/443 to the web server and keep the IMAP
> > and POP ports blocked. :)
> > Brian Tafoya
> >
> >
> > From: Mike Starke <meg@lilly.csoft.net>
> > I had a similar situation and here is how I had it configured:
> > 1. Debian/Apache (SSL) running IMP on the Intranet side (complete
> >    w/LDAP to addressbook)
> > 2. OpenBSD Firewall that redirected port 443 to server in #1
> > 3. #1 was on same LAN as Exchange, so they played happily together.
> > Never had a problem.
> > <snip>
> > Mike
>
> I can see from the responses I got on this question that I am
> obviously missing something. How is it sendmail, squirrelmail, and
> IMP are all being recommended to handle (in addition to operating as
> a web-based front end) IMAP/POP proxying in front of an Exchange
> server? How do I configure these to proxy POP or IMAP requests?
> (i.e. the user is out on the Internet, with a POP or IMAP client, the
> mail is inside the company, on an Exchange server - I want the client
> to connect through our firewall to a Linux box in the DMZ that will
> handle/proxy all the POP/IMAP requests between the client and the
> Exchange server inside on the LAN. The reason for this config is in
> order to not have to open the Exchange box to direct connects from
> the Internet, for security reasons). If this can be done with any
> regular mail server, my preference would be postfix, as I have
> experience with it.
> Hope this is clear, and thanks again,
>
> Scott
>
----
You need to learn about this - a DMZ cannot be allowed to create
communications to anywhere on the local LAN, thus, it would never serve
to have a webmail solution on a DMZ with the primary mail server on a
local LAN...that would be dumb.

Exchange server is a sophisticated and expensive mail system and if the
company is already invested in it, they should maximize their investment
and use it.

I think that you are making too much of this. If it were me, I would
have a firewall that forwards all incoming port 80 & 443 to the Exchange
server and let it service it. I would also have it running OWA - Outlook
Web Access and that would be the only way I would allow mail access from
offsite. Thus offsite POP3 & IMAP requests would be stopped by the
firewall.

I would have this firewall receive inbound mail for the domain, probably
process it with spam filtering/procmail recipe filtering etc. and then
forward the mail to the Exchange Server for local delivery.

I think you are trying to make this overly complicated.

Craig
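
One way to check that a firewall actually enforces the policy described in the reply above (only ports 80 and 443 forwarded to the mail server, POP3/IMAP never forwarded). This is an added example, not part of the thread: it assumes a Linux iptables firewall and audits `iptables-save` output, and the addresses, the sample ruleset, the function names and the inclusion of the TLS ports 993/995 are assumptions made for illustration.

```python
import re

# Policy from the reply above: only web ports are forwarded to the mail
# server; inbound SMTP terminates on the firewall itself, so it is not listed.
ALLOWED_FORWARDS = {80, 443}
# POP3/IMAP are named in the thread; the TLS variants are added here.
MAIL_CLIENT_PORTS = {110: "POP3", 143: "IMAP", 993: "IMAPS", 995: "POP3S"}

# Matches DNAT port forwards as printed by iptables-save.
DNAT_RE = re.compile(
    r"^-A PREROUTING\b.*?-p tcp\b.*?--dports? (?P<ports>[\d:,]+)"
    r".*?-j DNAT --to-destination (?P<dest>[\d.]+)"
)

# Constructed sample ruleset (addresses are placeholders).
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.5:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
-A PREROUTING -i eth0 -p tcp -m multiport --dports 110,143 -j DNAT --to-destination 10.0.0.5
-A PREROUTING -i eth0 -p tcp -m tcp --dport 993 -j DNAT --to-destination 10.0.0.9:993
COMMIT
"""

def expand_ports(spec):
    """Expand '80,443' or '100:150' (multiport syntax) into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_forwards(ruleset, mail_server):
    """Return (line_no, port, reason) for each forward to mail_server
    that falls outside ALLOWED_FORWARDS."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), 1):
        m = DNAT_RE.match(line.strip())
        if not m or m.group("dest") != mail_server:
            continue
        for port in sorted(expand_ports(m.group("ports")) - ALLOWED_FORWARDS):
            reason = MAIL_CLIENT_PORTS.get(port, "not in allowed set")
            findings.append((line_no, port, reason))
    return findings

if __name__ == "__main__":
    for line_no, port, reason in audit_forwards(SAMPLE, "10.0.0.5"):
        print(f"line {line_no}: port {port} forwarded to mail server ({reason})")
```
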