[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Protecting Exchange with Suse proxy & postfix relay

Quoting Eric Kahklen <eric@xxxxxxxxxxx>:
> I am currently trying to implement an Exchange 2000 server and it was
> suggested by a friend that I put a SuSE box between the internet and
> Exchange.  He suggested having Postfix relay incoming mail only to the
> Exchange box and then allow Exchange to send out its mail through the
> firewall (Watchguard).  Then for the OWA/SSL connectivity, he suggested
> using Apache's mod_proxy & mod_ssl to protect IIS.  I am only going to
> allow https traffic to my exchange server.  My question is, is this plan
> feasible? and does anyone know if there is a how to out there for this
> type of configuration?  I've never setup Postfix or these Apache modules
> so I am hoping to find out if its possible since I don't have a lot of
> time to set this up due to the launch date of Exchange.

1) I am required to suggest to you that simply use the SuSE box for mail and
web.  It is just a better policy.

2) If #1 is infeasible, the mail part of the above should work fine.  I use a
postfix box to scan incoming mail for viruses before sending it to the real
mail server for storage and retrieval (in my case, it's a matter of delegation
of resources, not a matter of the mail server sucking)

3) Perhaps someone else can help you with the web part, but as I understand it,
proxying SSL connections isn't feasible... though, I suppose you could have the
SuSE box talk SSL to the client while IIS talkes to SuSE in the clear...

I would really like to stress #1, though.  Just running proper internet services
on a decent server is much easier than mucking abot with proxying and whatnot.

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here