Sorry everyone about the blank email as well.<br><br>Ed,<br><br>You are correct in your three assumptions:<br>> - allow users to get mail via pop3s or https from outside the firewall<br>> - not allow internet access to internal exchange server<br>> - use linux amap (as much as possible)<br><br>Also, after a couple days of research I concur:<br>> The real problem is the organization's choice to use exchange.<br><br>The exchange system has been designed to "not play well" with others. I have come to the conclusion that this endeavor may be fruitless and a waste of precious time. Again I will reiterate - the problem is exchange. I thank you, gentlemen, for your time and comments.<br><br>Luis Pena<br><br><br><b><i>"Edward F. Brown" <ebrown@lanl.gov></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Sorry for the empty mail. Also, I didn't respond to the ldap question.<br>Looking
for more info about how 'outlook webmail' handled active directory<br>authentication led me to this site:<br>http://systembash.com/content/outlook-web-access-apache-proxy/<br>which says that 'Outlook Web Access', or OWA, has to run on the exchange<br>server itself. But it does offer a way to configure apache to be a proxy.<br> You might also look at this site:<br>http://www.debian-administration.org/articles/411<br><br>-Ed<br><br><br>On Sat, March 10, 2007 2:00 pm, Edward F. Brown wrote:<br>> Luis,<br>><br>> So correct this if it's wrong. You want to:<br>> - allow users to get mail via pop3s or https from outside the firewall<br>> - not allow internet access to internal exchange server<br>> - use linux amap (as much as possible)<br>><br>> Not sure this is really practical. Webmail can present or make mail<br>> available to users, when it actually resides on a separate server, the<br>> exchange server in this case. (Squirrelmail uses imap
behind the scenes<br>> for this.) But I don't think you can 'front-end' mail in this sense via<br>> pop. You're really talking about having two different mail servers, and I<br>> don't you can, or would want to try, to do this. The issues involved in<br>> keeping mailboxes synchronized, for example, would just be too wierd.<br>><br>> The real problem is the organization's choice to use exchange. It just<br>> isn't suitable to make mail available to untrusted networks via any other<br>> means than a webmail interface. Users should be required to vpn in if<br>> webmail is inadequate (which also allows use of other exchange services -<br>> calendar etc.)<br>><br>> The good news is the barracuda/sonicwall will provide some protection by<br>> prefiltering mail before it gets delivered to the exchange server, and<br>> prevents direct connection from the internet to port 25 there, acting as a<br>> kind of proxy.<br>><br>> So
maybe you can host the web interface on a linux box, but I'm not even<br>> sure about that, not being familiar with the 'outlook' webmail server you<br>> mention. I guess if it runs on apache, you're good to go.<br>><br>> hth,<br>> Ed<br>><br>><br>><br>> On Sat, March 10, 2007 10:57 am, luis pena wrote:<br>>> I work in a Windoze house, contantly looking for a way to integrate<br>>> Linux.<br>>> I finally have my chance and would like to pose some questions to the<br>>> community on the subject of firewalls and POP3.<br>>><br>>> First let me start w/ an overview of my network. We are 18 nodes<br>>> connected<br>>> via T1/partial T1's on a Frame Relay network. We are using Cisco routers<br>>> and our firewall is a Cisco PIX. We are in the process of switching over<br>>> to a new domain and upgrading our firewall to include a spam filtration<br>>> (Barracuda/Sonicwall). Be advised I
am aware of the numerous solutions<br>>> available in the Open Source realm... alas, I do not make the final<br>>> decision on hardware purchases<br>>><br>>> We have and exchange 2003 sever and a 2003 domain controller that<br>>> provides<br>>> internal authentication and email services. One of the features of<br>>> exchange is<br>>> outlook web access (similar to squirrel mail) which allows people<br>>> outside<br>>> of our internal network to check the email.<br>>><br>>> I have been tasked with finding a solution for configuring a POP 3server<br>>> to sit in the DMZ of the firewall. This server will provide several<br>>> functions:<br>>> - Serve up Outlook Web Access on an Apache Server(which will require<br>>> communications with the LDAP-based active directory?)<br>>> - Be configured have the exchange server initiate the opening of port 25<br>>> on the POP 3
server to download email. It is preferred that incoming<br>>> mail<br>>> be housed on the POP 3serve after hitting the spam filtration device.<br>>><br>>> Here are my questions:<br>>> - Is the solution of placing a POP3 server in the DMZ my best option for<br>>> protecting my exchange server and serving up web access to email?<br>>> - Are there any items that I have not considered?<br>>> - Will I need LDAP running on Linux boxen to ""talk" to active directory<br>>> - What would be the best way to set up a testing sandbox (ad hoc,<br>>> through<br>>> the PIX, etc...)<br>>><br>>> Thanks to Ed Brown for pointing me towards dovecot as a solution for my<br>>> POP3 needs. I hope I have been clear and have provided enough<br>>> information... I am still learning. Thank you in advance.<br>>><br>>><br>>><br>>><br>>> ---------------------------------<br>>>
Food fight? Enjoy some healthy debate<br>>> in the Yahoo! Answers Food & Drink<br>>> Q&A._______________________________________________<br>>> nmglug mailing list<br>>> nmglug@nmglug.org<br>>> http://www.nmglug.org/mailman/listinfo/nmglug<br>>><br>><br>><br>> _______________________________________________<br>> nmglug mailing list<br>> nmglug@nmglug.org<br>> http://www.nmglug.org/mailman/listinfo/nmglug<br>><br><br><br>_______________________________________________<br>nmglug mailing list<br>nmglug@nmglug.org<br>http://www.nmglug.org/mailman/listinfo/nmglug<br></blockquote><br><p>
<hr size=1><a href="
http://us.rd.yahoo.com/evt=49981/*http://advision.webevents.yahoo.com/mailbeta/features_spam.html">Sucker-punch spam</a> with award-winning protection.<br> Try the <a href="
http://us.rd.yahoo.com/evt=49981/*http://advision.webevents.yahoo.com/mailbeta/features_spam.html">free Yahoo! Mail Beta.</a>