[nmglug] POP3 Server::Request for Info

Edward F. Brown ebrown at lanl.gov
Sat Mar 10 13:00:23 PST 2007


Luis,

So correct this if it's wrong. You want to:
 - allow users to get mail via pop3s or https from outside the firewall
 - not allow internet access to internal exchange server
 - use linux amap (as much as possible)

Not sure this is really practical.  Webmail can present or make mail
available to users, when it actually resides on a separate server, the
exchange server in this case.  (Squirrelmail uses imap behind the scenes
for this.)  But I don't think you can 'front-end' mail in this sense via
pop. You're really talking about having two different mail servers, and I
don't think you can, or would want to try, to do this.  The issues involved in
keeping mailboxes synchronized, for example, would just be too weird.

The real problem is the organization's choice to use exchange.  It just
isn't suitable to make mail available to untrusted networks via any other
means than a webmail interface.  Users should be required to vpn in if
webmail is inadequate (which also allows use of other exchange services -
calendar etc.)

The good news is the barracuda/sonicwall will provide some protection by
prefiltering mail before it gets delivered to the exchange server, and
prevents direct connection from the internet to port 25 there, acting as a
kind of proxy.

So maybe you can host the web interface on a linux box, but I'm not even
sure about that, not being familiar with the 'outlook' webmail server you
mention.  I guess if it runs on apache, you're good to go.

hth,
Ed



On Sat, March 10, 2007 10:57 am, luis pena wrote:
> I work in a Windoze house, constantly looking for a way to integrate Linux.
> I finally have my chance and would like to pose some questions to the
> community on the subject of firewalls and POP3.
>
> First let me start w/ an overview of my network. We are 18 nodes connected
> via T1/partial T1's on a Frame Relay network. We are using Cisco routers
> and our firewall is a Cisco PIX. We are in the process of switching over
> to a new domain and upgrading our firewall to include a spam filtration
> (Barracuda/Sonicwall). Be advised I am aware of the numerous solutions
> available in the Open Source realm... alas, I do not make the final
> decision on hardware purchases
>
> We have an exchange 2003 server and a 2003 domain controller that provides
> internal authentication and email services. One of the features of
> exchange is outlook web access (similar to squirrel mail) which allows
> people outside of our internal network to check the email.
>
> I have been tasked with finding a solution for configuring a POP 3 server
> to sit in the DMZ of the firewall. This server will provide several
> functions:
> - Serve up Outlook Web Access on an Apache Server (which will require
> communications with the LDAP-based active directory?)
> - Be configured to have the exchange server initiate the opening of port 25
> on the POP 3 server to download email. It is preferred that incoming mail
> be housed on the POP 3 server after hitting the spam filtration device.
>
> Here are my questions:
> - Is the solution of placing a POP3 server in the DMZ my best option for
> protecting my exchange server and serving up web access to email?
> - Are there any items that I have not considered?
> - Will I need LDAP running on Linux boxen to "talk" to active directory?
> - What would be the best way to set up a testing sandbox (ad hoc, through
> the PIX, etc...)
>
> Thanks to Ed Brown for pointing me towards dovecot as a solution for my
> POP3 needs. I hope I have been clear and have provided enough
> information... I am still learning. Thank you in advance.