[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Protecting Exchange with Suse proxy & postfix relay

> I am currently trying to implement an Exchange 2000 server and it was
> suggested by a friend that I put a SuSE box between the internet and
> Exchange.  He suggested having Postfix relay incoming mail only to the
> Exchange box and then allow Exchange to send out its mail through the
> firewall (Watchguard).
I've implemented this in my company and it is relatively easy. But we use
two relay servers (+ MX entries), to make the relay redundant (of course
exchange is not, but at least the relay :)

> Then for the OWA/SSL connectivity, he suggested using Apache's mod_proxy
> & mod_ssl to protect IIS.  I am only going to allow https traffic to my
> exchange server.
I did this with squid. The 3.0 version has a special feature called
"front_end_https", which is needed if the OWA doesn't use https (which is
ok, in the LAN).

> My question is, is this plan feasible? and does anyone know if there is
> a how to out there for this type of configuration?  I've never setup
> Postfix or these Apache modules so I am hoping to find out if its
> possible since I don't have a lot of time to set this up due to the
> launch date of Exchange.
Yes, it is absolutely feasible! But I wouldn't do it with apache.
In any case, don't forget regular updates of BOTH machines using windows
update and fou4s/YOU.

__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here