[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Protecting Exchange with Suse proxy & postfix relay
Quoting Eric Kahklen <eric@xxxxxxxxxxx>:
> I am currently trying to implement an Exchange 2000 server and it was
> suggested by a friend that I put a SuSE box between the internet and
> Exchange. He suggested having Postfix relay incoming mail only to the
> Exchange box and then allow Exchange to send out its mail through the
> firewall (Watchguard). Then for the OWA/SSL connectivity, he suggested
> using Apache's mod_proxy & mod_ssl to protect IIS. I am only going to
> allow https traffic to my exchange server. My question is, is this plan
> feasible? and does anyone know if there is a how to out there for this
> type of configuration? I've never setup Postfix or these Apache modules
> so I am hoping to find out if its possible since I don't have a lot of
> time to set this up due to the launch date of Exchange.
1) I am required to suggest to you that simply use the SuSE box for mail and
web. It is just a better policy.
2) If #1 is infeasible, the mail part of the above should work fine. I use a
postfix box to scan incoming mail for viruses before sending it to the real
mail server for storage and retrieval (in my case, it's a matter of delegation
of resources, not a matter of the mail server sucking)
3) Perhaps someone else can help you with the web part, but as I understand it,
proxying SSL connections isn't feasible... though, I suppose you could have the
SuSE box talk SSL to the client while IIS talkes to SuSE in the clear...
I would really like to stress #1, though. Just running proper internet services
on a decent server is much easier than mucking abot with proxying and whatnot.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here