Security Basics mailing list archives

Re: Exchange Server and External Access

From: Valery Baranov <val.baranov () revlon com>
Date: 26 Aug 2003 15:45:06 -0000

In-Reply-To: <DC1B068CCD740B438A6982960539A0E7688D9C () wes1 cwalkergroup com>

Is it possible to run a third part Server like possibly
Sendmail to front end Exchange ?


It's possible, no objection so far ;)
It's not too hard to configure and no need to punch a hole into an 
intranet. From what you wrote, I guess the most suitable configuration 
could be use the FW's secure mail queueing to relay incoming mail - 
latency time usually do not exceeds a minute. Consider to use any of Cp FW-
1 mail proxying, FW-based sendmail configured with "ForkEachJob" and 
separate filesystem for mail pool, both SMTP proxy (to protect against 
buggy commands) and sendmail for delivery, stock sendmail and SMAPD 
configured to block overly huge emails, etc. So, enough to choose from. 
Using proxy/sendmail on FW is something in a middle between to punch a 
hole into Intranet and using 2nd server in DMZ - and is the preferred one 
in some cases.

Regards,
         Valery

From: "Cherian M. Palayoor" <cpalayoor () cwalkergroup com>
To: <security-basics () securityfocus com>
X-NAIMIME-Disclaimer: 1
X-NAIMIME-Modified: 1

Hi,

We presently use the Std edition of Exchange 2000 as a mail server for ou=
r
internal users, behind the Firewall.

However we would like to grant mailbox access to external users outside t=
he
Firewall.

What would be the most secure and efficient method of accomplishing this.=
=20

One stream of thought that I have been entertaining is having a separate
Exchange/Mail  Server on the DMZ.

Now this solution would result in having to maintain 2 separate mailboxes=
for
internal and external users. This creates problems for users who would ac=
cess
their emails from both inside and outside the office.

How can I workaround this problem.

Thanks in advance for any suggestions.

Regards

CP

Scanned by Webshield E250

--------------------------------------------------------------------------

--------------------------------------------------------------------------

--


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

RE: Exchange Server and External Access, (continued)
- RE: Exchange Server and External Access Gregory M. Brown (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 25)
- RE: Exchange Server and External Access McGill, Lachlan (Aug 25)
- RE: Exchange Server and External Access Nick Duda (Aug 26)
- Re: Exchange Server and External Access salgak (Aug 26)
- RE: FW: Exchange Server and External Access Cherian M. Palayoor (Aug 26)
  - Re: FW: Exchange Server and External Access Gabriel Orozco (Aug 26)
- RE: Exchange Server and External Access Hay, Duane (Aug 26)
  - RE: Exchange Server and External Access Aditya [Aditya Lalit Desgmukh] (Aug 27)
- Re: Exchange Server and External Access Valery Baranov (Aug 26)
- RE: Exchange Server and External Access Nero, Nick (Aug 26)
- RE: FW: Exchange Server and External Access Cherian M. Palayoor (Aug 26)
  - Re: FW: Exchange Server and External Access Gabriel Orozco (Aug 27)
- RE: FW: Exchange Server and External Access Cherian M. Palayoor (Aug 27)
- Re: FW: Exchange Server and External Access some guy (Aug 27)