I suspect 'high-end of the market' has different meanings for different people. But I agree with Raj, and I'll go a step further - if you want to be in the hosted solution market - and according to your web site, you do - you need a commercial cert. If you want to be in that business, you have to accept some of the costs, and a trusted CA is one of them. On 3/8/05 10:53 AM, "Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > Andrew, > 1) Your SMTP relay concerns can be overcome by authentication. > > 2) If you are really targeting high-end market get a commercial > certificate. > > > Regards, > > Raj > > > -----Original Message----- > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] > Sent: Tuesday, March 08, 2005 10:44 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Certification Question > > http://www.MSExchange.org/ > > Raj, > > I have clients that travel a lot and take their notebook computers with > them where ever they go, and I will be damned if I let them relay their > emails back through my SMTP server. ISP's today who are using SSL for > SMTP still do not allow their clients to relay their emails from another > connection. > > Yes I am dealing with the high-end of the market and no I don't wish to > sell emails to boys and girls who spend a lot of time chatting about > nothing. > > :) > > Andrew > > > -----Original Message----- > From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx] > Sent: Tuesday, March 08, 2005 9:58 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Certification Question > > http://www.MSExchange.org/ > > But, still, POP3 and SMTP has less overhead compared to an RPC over HTTP > connection. Ideal for an individual, not a business. The only advantage > with RPC over HTTP is RPC being encapsulated in HTTP packets, so you > don't need an RPC connections end to end. Unless you are an ISP > specializing in providing hosted Exchange services for other businesses, > but your are an ISP providing just email access to individual users, > still POP3 and SMTP is the best way to go. In my earlier email by ISP I > did not mean Hosted Exchange service providers. An individual user does > not need access to a GAL or an Organization wide calendar, so why would > one give RPC over HTTP access to an individual. > > > Regards, > > Raj > > > -----Original Message----- > From: Michael B. Smith [mailto:michael@xxxxxxxxxx] > Sent: Tuesday, March 08, 2005 9:44 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Certification Question > > http://www.MSExchange.org/ > > You said: RPC over HTTP is meant for corporate use, not for ISP use. > > That's not true. > > One of the primary reasons for RPC/HTTP was for xSPs to offer hosted > Exchange. > > Hosted Exchange includes an Outlook 2003 license. > > I've written an idiot-proof configuration document, and I know I'm not > the only one, for configuring Outlook for Hosted Exchange. Microsoft > also makes available a tool that generates a hosted Exchange profile. > It's less confusing than configuring POP. > > -----Original Message----- > From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx] > Sent: Tuesday, March 08, 2005 9:34 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Certification Question > > http://www.MSExchange.org/ > > Andrew, > I am getting a fair idea of your setup. I assume you are a fairly small > shop. If I were you, I would definitely go with POP3 for external users. > If you go for RPC over HTTP, every client needs to have Office 2003 or > at least Outlook 2003. Are they willing to spend on that. If you use > POP3 they can use any email client like Outlook express. You don't have > to spend on certificates, and support. It is a real time killer. RPC > over HTTP is meant for corporate use, not for ISP use. Does your ISP > allow incoming POP3 and SMTP connections? All ISPs allow outgoing POP3 > and SMTP connections, so the only problem is you have to make sure you > can receive incoming connections. If not, you can even run POP3 and SMTP > on a different port. Trust me on this one, it is less confusing to an > end user to configure POP3/SMTP rather than RPC over HTTP and > certificates. > > > Regards, > > Raj > > > -----Original Message----- > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] > Sent: Tuesday, March 08, 2005 9:17 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Certification Question > > http://www.MSExchange.org/ > > Rick, > > $150 a year is too much for this mom and pop ISP if you want to call it > that. :) > > Andrew > > > -----Original Message----- > From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx] > Sent: Tuesday, March 08, 2005 7:41 AM > To: [ExchangeList] > Subject: [exchangelist] RE: Certification Question > > http://www.MSExchange.org/ > > Or, if you want to provide ISP (or ASP) services to customers, but you > don't trust them to hit /certserv, a better solution is to use a cert > from a publicly trusted root. > > This is exactly what they are there for - you've already spent as much > in labor as you ever would on the cert - they're only $150 US from > Entrust. > > That's an hour's work (or more, depending on your rates). Between this, > and all the challenges you've had getting RPC/HTTPS working - all would > have been fixed by this, and you would move on to selling that service > to the ten other clients you need to absorb the cost. > > > On 3/8/05 7:09 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote: > >> http://www.MSExchange.org/ >> >> Why not just distribute the CA certifiate as a file and provide >> instructions for installing it. Can probably be done from the command >> line too, so it could be scriptable. >> >> >> Tom >> www.isaserver.org/shinder >> Tom and Deb Shinder's Configuring ISA Server 2004 >> http://tinyurl.com/3xqb7 >> MVP -- ISA Firewalls >> >> >> -----Original Message----- >> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] >> Sent: Monday, March 07, 2005 10:44 PM >> To: [ExchangeList] >> Subject: [exchangelist] RE: Certification Question >> >> http://www.MSExchange.org/ >> >> Both. >> >> I am bothering with certificates because I also do a lot of trouble >> shooting for people and find that if you really want to confuse them > set >> them up on POP3 and SMTP. Btw most ISP's block incoming SMTP request >> from the outside which another reason I want to stick with RPC over >> HTTP; clients on the run will be able to plug their machines in just >> about anywhere and get connect to their email without having to worry >> about reconfiguring their SMTP server. It's always best to keep it >> stupid simple. :) >> >> I use it for both in house and ISP. >> >> Andrew >> >> >> -----Original Message----- >> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx] >> Sent: Monday, March 07, 2005 9:52 PM >> To: [ExchangeList] >> Subject: [exchangelist] RE: Certification Question >> >> http://www.MSExchange.org/ >> >> Andrew, >> You haven't answered my question. >> Are you using Exchange as a ISP mail server ? Or as a corporate email >> server or both. If you are trying to provide service for non-corporate > >> users, why are you bothering with RPC over HTTP and certificates? >> >> >> Regards, >> >> Raj >> >> >> >> >> >> -----Original Message----- >> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] >> Sent: Monday, March 07, 2005 5:25 PM >> To: [ExchangeList] >> Subject: [exchangelist] RE: Certification Question >> >> http://www.MSExchange.org/ >> >> Al, >> >> Uhm... >> >> The current way OWA with SSL works is when you go to >> https://owa.smoothrunnings.ca/exchanage you will be prompted to accept > >> the cert. >> >> Once you accept the cert you then see the OWA login page. You login > and >> your done.. >> >> okay got it? >> >> RPC over HTTP does not prompt the user to accept the cert, it assumes >> the user has installed the cert into their computer.. ie in > Certificates >> for the local computer -> Certificates -> Personal >> >> If you go to your certs machine and type: http://IP/certsrv and login >> and choose "download a CA certificate....blah...blah..." and then > click >> on "Install this CA..blah blah" on the next page the CA will be >> installed on the machine you are using to access certsrv. >> >> Thus when you go to owa.sitename.com/exchange which you just installed > >> the cert for you will NOT be prompted for the cert. Thus when you use >> RPC over HTTP you WILL connect to the exchange server. >> >> I simply don't want users to have access to /certsrv, I would rather >> create or used part of the certcarc.asp code (which installs the cert > on >> your machine) to create a new page which users who are currently using > >> my email services can access to install the cert on their personal >> computers. >> >> I am just trying to figure out if there is a easier way to go about > it, >> since I don't want to waste my friends time in dismantling Microsoft's > >> ASP code! :) >> >> Andrew >> >> -----Original Message----- >> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] >> Sent: Monday, March 07, 2005 4:40 PM >> To: [ExchangeList] >> Subject: [exchangelist] RE: Certification Question >> >> http://www.MSExchange.org/ >> >> Ok. So you want them to get the cert and install it in the store, a > la >> the way that you get prompted for an untrusted cert on an IIS page in >> IE, only not prompt them for it correct? Basically handle the warnings > >> etc in another way than a popup else let the popup occur in your > process >> (in other words, let the user browse to the secure site that tells > them >> how to set this up and have them insert it in the trusted store or > offer >> a script that does this for them (I opt for the previous: letting them > >> see the cert popup, and telling them to accept it and install the cert > >> vs. automating it. For many reasons including technical and security >> reasons). >> >> >> I think there are all kinds of issues with doing this, such as the > user >> has to be able to write to the trusted store etc. However, I believe >> this is the concept you're looking for: >> >> http://support.microsoft.com/kb/297681 >> >> >> Let me know if I missed the concept totally. >> >> al >> >> ------------------------------------------------------ >> List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp >> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Other Internet Software Marketing Sites: >> World of Windows Networking: http://www.windowsnetworking.com Leading >> Network Software Directory: http://www.serverfiles.com >> No.1 ISA Server Resource Site: http://www.isaserver.org Windows > Security >> Resource Site: http://www.windowsecurity.com/ Network Security > Library: >> http://www.secinf.net/ Windows 2000/NT Fax Solutions: >> http://www.ntfaxfaq.com >> ------------------------------------------------------ >> You are currently subscribed to this MSEXchange.org Discussion List > as: >> raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit >> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Report abuse to listadmin@xxxxxxxxxxxxxx >> >> >> ------------------------------------------------------ >> List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp >> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Other Internet Software Marketing Sites: >> World of Windows Networking: http://www.windowsnetworking.com Leading >> Network Software Directory: http://www.serverfiles.com >> No.1 ISA Server Resource Site: http://www.isaserver.org Windows >> Security Resource Site: http://www.windowsecurity.com/ Network >> Security Library: http://www.secinf.net/ Windows 2000/NT Fax >> Solutions: http://www.ntfaxfaq.com >> ------------------------------------------------------ >> You are currently subscribed to this MSEXchange.org Discussion List > as: >> andrew@xxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe visit >> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Report abuse to listadmin@xxxxxxxxxxxxxx >> >> ------------------------------------------------------ >> List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp >> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Other Internet Software Marketing Sites: >> World of Windows Networking: http://www.windowsnetworking.com Leading >> Network Software Directory: http://www.serverfiles.com >> No.1 ISA Server Resource Site: http://www.isaserver.org Windows >> Security Resource Site: http://www.windowsecurity.com/ Network >> Security Library: http://www.secinf.net/ Windows 2000/NT Fax >> Solutions: http://www.ntfaxfaq.com >> ------------------------------------------------------ >> You are currently subscribed to this MSEXchange.org Discussion List > as: >> tshinder@xxxxxxxxxxx >> To unsubscribe visit >> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Report abuse to listadmin@xxxxxxxxxxxxxx >> >> >> >> ------------------------------------------------------ >> List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp >> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ >> ------------------------------------------------------ >> Other Internet Software Marketing Sites: >> World of Windows Networking: http://www.windowsnetworking.com Leading >> Network Software Directory: http://www.serverfiles.com >> No.1 ISA Server Resource Site: http://www.isaserver.org Windows >> Security Resource Site: http://www.windowsecurity.com/ Network >> Security Library: http://www.secinf.net/ Windows 2000/NT Fax >> Solutions: http://www.ntfaxfaq.com >> ------------------------------------------------------ >> You are currently subscribed to this MSEXchange.org Discussion List > as: >> rickb@xxxxxxxxxxxxxxx >> To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist >> Report abuse to listadmin@xxxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security > Resource Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > andrew@xxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security > Resource Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > raj.periyasamy@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security > Resource Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > michael@xxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > raj.periyasamy@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > andrew@xxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > raj.periyasamy@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > rickb@xxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx