[unisog] MS Exchange maintenance time

lifeisarush at hush.com lifeisarush at hush.com
Thu May 15 04:20:13 GMT 2003


Hi Jim,

This information might be useful when it comes to providing remote users
with access, it might not all be applicable to you depending on the platforms/versions
you have.

Once you have exchange setup and placed it behind a firewall and hopefully
behind an Access list as well you can have Outlook Web Access on the
DMZ(Hopefully the DMZ machine(s) will be running Win2k Server or later).

This way you don't risk running IIS on the exchange box itself.
You will definitely need to run the IIS LockDown tool from Microsoft
on the DMZ machines. It does an excellent job: http://www.microsoft.com/windows2000/downloads/recommended/iislockdown/default.asp

One problem you will come across if you want to set up OWA on the DMZ
is that when a client is trying to authenticate the DMZ will first talk
to the exchange box on port 135 which in turn will provide two ports
for communication. The 2 ports change every now and then, however you
can make them static by editing the registry:
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B155831
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B194952
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B259240

This way you only have couple of ports opened.

It might also be a good idea to run OWA over SSL as well.
If your remote clients need to use the Microsoft Outlook client instead
of OWA to access their e-mail, the above info should be enough to allow
it through a firewall however I have never set it up. I believe you can
also use some sort of encryption if remote clients are using Microsoft
Outlook client.

Cheers,

Jad Nehman

------------------
Life is a rush
------------------



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427



More information about the unisog mailing list