From: "Tim Jordan" <tim@xxxxxxxxxxxxx>
Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Subject: [exchangelist] RE: Exchange with SSL - OWA Access
Date: Wed, 22 Dec 2004 16:33:11 -0900
http://www.MSExchange.org/
Hi Tom,
Your comments left me a little confused. If the client is using SSL to
connect to the Apache server which then passes the request to the
internal OWA server...where does the "security nightmare" come into
play?
I personally use https://mywebsite/exchange to connect to my OWA server
which is proxied by Apache. It works great and the user is prompted to
accept the cert from the OWA server. So the Apache server is running
SSL and so is the OWA server.
TJ
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, December 22, 2004 1:05 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
HI Tim,
That allows for SSL to HTTP bridging! A security nightmare. And he has
the gall to say that IIS is insure after describing such a config. Arrg!
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Tim Jordan [mailto:tim@xxxxxxxxxxxxx]
Sent: Wednesday, December 22, 2004 2:43 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
Ola,
Here is another link for proxying OWA through Apache server.
http://3cx.org/static/pages/1
TJ
-----Original Message-----
From: Tim Jordan [mailto:tim@xxxxxxxxxxxxx]
Sent: Wednesday, December 22, 2004 11:16 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
I disagree with Andrew on this. There is no need for ISA or dumping
Apache to make this work.
Ola, are you an experinced Apache admin? If you are I would suggest
researching Apache proxy. If you have a unix admin he/she should know
this stuff.
TJ
-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, December 21, 2004 7:40 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Exchange with SSL - OWA Access
http://www.MSExchange.org/
You need to invest in a real firewall like ISA server that way you do
what you are asking without worrying about port 80 being signed to one
machine.
I currently run a web server on a separate box and Exchange on another
which my users can access their web sites and emails from, both are
running on port 80, however my ISA server knows what is coming in for
web and what is coming in for OWA and thus points the connections to the
right server.
Using your everyday Linksys type router will not work for you. If you
can't afford to invest in a proper firewall then I suggest you run your
web sites from your Exchange Server and dump the Apache box.
Andrew
-----Original Message-----
From: Ola One [mailto:ola_atb@xxxxxxxxxxx]
Sent: Tuesday, December 21, 2004 9:48 PM
To: [ExchangeList]
Subject: [exchangelist] Exchange with SSL - OWA Access
http://www.MSExchange.org/
Hello all,
I have a peculiar problem. I have two win2k3 Enterprise on my network.
Apache webserver is sitting on one, and Exchange 2003 Enterprise is
sitting on the other.
The Apache Server came first and so the router has been used to map Port
80 to the Apache Server. Now with Exchange installed, the question are
two
folds:
1. Exchange was installed and Microsoft Certificate Authority was
generated and used. So SSL is on. Based on this, if the users are
willing, can they access OWA through HTTPS and not bother with HTTP
since Port 80 is in use by the Apache Server. That way, the router can
open Port 25, 110, and 443 to the Exchnage server? The main way of
connecting to this server is mostly
through OWA.
2. I have forgotten whose address I put in Forwarders in my DNS entry
(Would that be my WAN IP?), and whether I need to include MX record in
my forward lookup zone.
Thank you all in advance.
Ola
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tim@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tim@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
tim@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ola_atb@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
