Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Outlook Web Access - Paranoid?

From: Mikael Olsson <mikael.olsson () clavister com>
Date: Sun, 01 Dec 2002 11:58:08 +0100

Devdas Bhagat wrote:


On 30/11/02 11:39 -0800, Matt Wilbur wrote:

If you just need to give end users access to email and email directory
services from the outside, why not use one of the many "webmail"
applications out there, all of which need far less access to your
internal networks.  You could plunk, for example, squirrelmail out on a
DMZ system, allow port 143 (IMAP) and port 389 (LDAP) to an exchange


I would suggest imaps(993) and ldaps(636). If your webmail client
doesn't support that, zebeedee or stunnel could help in creating the SSL
connections.
No use running plain text all over the place when SSL certificates are
free.


What is the point of running SSL connections from the web server front-end
to the mail server back-end?

If the web server gets owned, I would argue that this ADDS exposure, 
not the other way around.


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: