Firewall Wizards mailing list archives

Re: Exchange & Blackberry

From: strider () mailworks org
Date: Tue, 22 Jun 2004 06:46:43 -0500

I agree with others that I wouldn't put my Exchange server as MX for
whatever domain you're dealing with. Certainly I would at least put some
sort of relay in front of it for both inbound and outbound traffic. My
favorite flavor MTA for this is Postfix but there are others, some
really cool SPAM/AV MTAs depending on the bucks you've got.

As for Blackberry, it's an outbound TCP connection on one port (3101 I
think) to Blackberry's srp servers (additional outbound requirements if
you are doing MDS). However the connections from Blackberry to Exchange
require a MAPI connection and is not firewall friendly. See:

http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8179/270935/279244/Placing_the_BlackBerry_Enterprise_Server_for_Microsoft_Exchange_in_a_demilitarized_zone.pdf?nodeid=18034&vernum=1

Therefore, for placement, I usually go with:

Border MTA on the DMZ with only port 25 inbound from the world, port 25
outbound to the world and port 25 to/from the internal Exchange server.
Config the MTA as a relay for only your Exchange server.

Exchange on the inside config'ed to forward to the border MTA.

As for Blackberry, it's a risk tradeoff. What's the chances of that
outbound connection doing bad things vs. the pain of trying to get it
config'ed in the DMZ and what would that buy you? 

Cheers, 

Don



On Mon, 21 Jun 2004 12:37:52 -0400, "Geoff Bleau" <geoffb () bellsouth net>
said:

Hi,

I'm looking for suggestions on 'best-policy' for implementing
a MS Exchange Server 2003 and Blackberry Server installation
at a client site.

Will be using a Sonicwall 2040 ( which has a DMZ port )

1) Where should the servers be placed ( LAN or DMZ ) ??
2) What security issues will this 'open up' ??
3) Any other caveats ??

Thanks,

Geoff Bleau


-- 
" I like my women like I
  like my coffee......
  bitter and murky. "
                      GC

Geoff Bleau     -     geoffb () bellsouth net
Florida Software & Data Systems     http://www.flsoft.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

-- 
  
  strider () mailworks org

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Exchange & Blackberry Geoff Bleau (Jun 21)
- Re: Exchange & Blackberry Greg Skouby (Jun 21)
- Re: Exchange & Blackberry strider (Jun 22)
  - Re: Exchange & Blackberry Paul D. Robertson (Jun 22)
    - Re: Exchange & Blackberry strider (Jun 22)
- <Possible follow-ups>
- Re: Exchange & Blackberry Keith A. Glass (Jun 21)
- RE: Exchange & Blackberry Claussen, Ken (Jun 22)