[nmglug] POP3 Server::Request for Info

luis pena glyph_dtd at yahoo.com
Tue Mar 13 20:59:40 PDT 2007


Sorry everyone about the blank email as well.

Ed,

You are correct in your three assumptions:
>  - allow users to get mail via pop3s or https from outside the firewall
>  - not allow internet access to internal exchange server
>  - use linux amap (as much as possible)

Also, after a couple days of research I concur:
> The real problem is the organization's choice to use exchange.

The exchange system has been designed to "not play well" with others. I have come to the conclusion that this endeavor may be fruitless and a waste of precious time. Again I will reiterate - the problem is exchange. I thank you, gentlemen, for your time and comments.

Luis Pena


"Edward F. Brown" <ebrown at lanl.gov> wrote:

Sorry for the empty mail.  Also, I didn't respond to the ldap question.
Looking for more info about how 'outlook webmail' handled active directory
authentication led me to this site:
http://systembash.com/content/outlook-web-access-apache-proxy/
which says that 'Outlook Web Access', or OWA, has to run on the exchange
server itself.  But it does offer a way to configure apache to be a proxy.
You might also look at this site:
http://www.debian-administration.org/articles/411

-Ed


On Sat, March 10, 2007 2:00 pm, Edward F. Brown wrote:
> Luis,
>
> So correct this if it's wrong. You want to:
>  - allow users to get mail via pop3s or https from outside the firewall
>  - not allow internet access to internal exchange server
>  - use linux amap (as much as possible)
>
> Not sure this is really practical.  Webmail can present or make mail
> available to users, when it actually resides on a separate server, the
> exchange server in this case.  (Squirrelmail uses imap behind the scenes
> for this.)  But I don't think you can 'front-end' mail in this sense via
> pop. You're really talking about having two different mail servers, and I
> don't think you can, or would want to try, to do this.  The issues involved in
> keeping mailboxes synchronized, for example, would just be too weird.
>
> The real problem is the organization's choice to use exchange.  It just
> isn't suitable to make mail available to untrusted networks via any other
> means than a webmail interface.  Users should be required to vpn in if
> webmail is inadequate (which also allows use of other exchange services -
> calendar etc.)
>
> The good news is the barracuda/sonicwall will provide some protection by
> prefiltering mail before it gets delivered to the exchange server, and
> prevents direct connection from the internet to port 25 there, acting as a
> kind of proxy.
>
> So maybe you can host the web interface on a linux box, but I'm not even
> sure about that, not being familiar with the 'outlook' webmail server you
> mention.  I guess if it runs on apache, you're good to go.
>
> hth,
> Ed
>
>
>
> On Sat, March 10, 2007 10:57 am, luis pena wrote:
>> I work in a Windoze house, constantly looking for a way to integrate Linux.
>> I finally have my chance and would like to pose some questions to the
>> community on the subject of firewalls and POP3.
>>
>> First let me start w/ an overview of my network. We are 18 nodes connected
>> via T1/partial T1's on a Frame Relay network. We are using Cisco routers
>> and our firewall is a Cisco PIX. We are in the process of switching over
>> to a new domain and upgrading our firewall to include a spam filtration
>> (Barracuda/Sonicwall). Be advised I am aware of the numerous solutions
>> available in the Open Source realm... alas, I do not make the final
>> decision on hardware purchases
>>
>> We have an exchange 2003 server and a 2003 domain controller that provides
>> internal authentication and email services. One of the features of
>> exchange is outlook web access (similar to squirrel mail) which allows
>> people outside of our internal network to check the email.
>>
>> I have been tasked with finding a solution for configuring a POP3 server
>> to sit in the DMZ of the firewall. This server will provide several
>> functions:
>> - Serve up Outlook Web Access on an Apache Server (which will require
>> communications with the LDAP-based active directory?)
>> - Be configured to have the exchange server initiate the opening of port 25
>> on the POP 3 server to download email. It is preferred that incoming mail
>> be housed on the POP 3 server after hitting the spam filtration device.
>>
>> Here are my questions:
>> - Is the solution of placing a POP3 server in the DMZ my best option for
>> protecting my exchange server and serving up web access to email?
>> - Are there any items that I have not considered?
>> - Will I need LDAP running on Linux boxen to "talk" to active directory
>> - What would be the best way to set up a testing sandbox (ad hoc, through
>> the PIX, etc...)
>>
>> Thanks to Ed Brown for pointing me towards dovecot as a solution for my
>> POP3 needs. I hope I have been clear and have provided enough
>> information... I am still learning. Thank you in advance.
>>
>>
>>
>>
>> _______________________________________________
>> nmglug mailing list
>> nmglug at nmglug.org
>> http://www.nmglug.org/mailman/listinfo/nmglug
>>
>
>

