[nmglug] POP3 Server::Request for Info
Edward F. Brown
ebrown at lanl.gov
Sat Mar 10 14:05:20 PST 2007
Sorry for the empty mail. Also, I didn't respond to the ldap question.
Looking for more info about how 'outlook webmail' handled active directory
authentication led me to this site:
http://systembash.com/content/outlook-web-access-apache-proxy/
which says that 'Outlook Web Access', or OWA, has to run on the exchange
server itself. But it does offer a way to configure apache to be a proxy.
You might also look at this site:
http://www.debian-administration.org/articles/411
-Ed
On Sat, March 10, 2007 2:00 pm, Edward F. Brown wrote:
> Luis,
>
> So correct this if it's wrong. You want to:
> - allow users to get mail via pop3s or https from outside the firewall
> - not allow internet access to internal exchange server
> - use linux amap (as much as possible)
>
> Not sure this is really practical. Webmail can present or make mail
> available to users, when it actually resides on a separate server, the
> exchange server in this case. (Squirrelmail uses imap behind the scenes
> for this.) But I don't think you can 'front-end' mail in this sense via
> pop. You're really talking about having two different mail servers, and I
> don't you can, or would want to try, to do this. The issues involved in
> keeping mailboxes synchronized, for example, would just be too wierd.
>
> The real problem is the organization's choice to use exchange. It just
> isn't suitable to make mail available to untrusted networks via any other
> means than a webmail interface. Users should be required to vpn in if
> webmail is inadequate (which also allows use of other exchange services -
> calendar etc.)
>
> The good news is the barracuda/sonicwall will provide some protection by
> prefiltering mail before it gets delivered to the exchange server, and
> prevents direct connection from the internet to port 25 there, acting as a
> kind of proxy.
>
> So maybe you can host the web interface on a linux box, but I'm not even
> sure about that, not being familiar with the 'outlook' webmail server you
> mention. I guess if it runs on apache, you're good to go.
>
> hth,
> Ed
>
>
>
> On Sat, March 10, 2007 10:57 am, luis pena wrote:
>> I work in a Windoze house, contantly looking for a way to integrate
>> Linux.
>> I finally have my chance and would like to pose some questions to the
>> community on the subject of firewalls and POP3.
>>
>> First let me start w/ an overview of my network. We are 18 nodes
>> connected
>> via T1/partial T1's on a Frame Relay network. We are using Cisco routers
>> and our firewall is a Cisco PIX. We are in the process of switching over
>> to a new domain and upgrading our firewall to include a spam filtration
>> (Barracuda/Sonicwall). Be advised I am aware of the numerous solutions
>> available in the Open Source realm... alas, I do not make the final
>> decision on hardware purchases
>>
>> We have and exchange 2003 sever and a 2003 domain controller that
>> provides
>> internal authentication and email services. One of the features of
>> exchange is
>> outlook web access (similar to squirrel mail) which allows people
>> outside
>> of our internal network to check the email.
>>
>> I have been tasked with finding a solution for configuring a POP 3server
>> to sit in the DMZ of the firewall. This server will provide several
>> functions:
>> - Serve up Outlook Web Access on an Apache Server(which will require
>> communications with the LDAP-based active directory?)
>> - Be configured have the exchange server initiate the opening of port 25
>> on the POP 3 server to download email. It is preferred that incoming
>> mail
>> be housed on the POP 3serve after hitting the spam filtration device.
>>
>> Here are my questions:
>> - Is the solution of placing a POP3 server in the DMZ my best option for
>> protecting my exchange server and serving up web access to email?
>> - Are there any items that I have not considered?
>> - Will I need LDAP running on Linux boxen to ""talk" to active directory
>> - What would be the best way to set up a testing sandbox (ad hoc,
>> through
>> the PIX, etc...)
>>
>> Thanks to Ed Brown for pointing me towards dovecot as a solution for my
>> POP3 needs. I hope I have been clear and have provided enough
>> information... I am still learning. Thank you in advance.
>>
>>
>>
>>
>> ---------------------------------
>> Food fight? Enjoy some healthy debate
>> in the Yahoo! Answers Food & Drink
>> Q&A._______________________________________________
>> nmglug mailing list
>> nmglug at nmglug.org
>> http://www.nmglug.org/mailman/listinfo/nmglug
>>
>
>
> _______________________________________________
> nmglug mailing list
> nmglug at nmglug.org
> http://www.nmglug.org/mailman/listinfo/nmglug
>
More information about the nmglug
mailing list