[THIN] Re: OT: Access Exchange from outside firewall

  • From: "Chris Lynch" <lynch00@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 12 Mar 2003 14:30:55 -0800


Again, to protect your data, you will need to implement a VPN
solution.  NEVER open ports that have common exploits, like the RPC
service or even NetBIOS services.  If you don't want to put in a VPN
solution, then look at ISA with SP1.  I have heard that it works
quite well.

Chris

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Vince Tan
Sent: Wednesday, March 12, 2003 2:26 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Access Exchange from outside firewall



They need to sync to their mailbox for when they are on the road.  I
might have to use pop or trying imap now.  Or might have to use VPN.

Vince

-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: Wednesday, March 12, 2003 5:09 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Access Exchange from outside firewall




Correct.  There was just a VERY long discussion in the MS Security Focus
mailing list because someone wanted to open ports to allow an Outlook
client to directly attach to an Exchange server from the Internet.

Some said to use ISA server, while others (like me) said to use a VPN
device.  You NEVER want to open RPC to the Internet.  You are just
begging hackers to break into your system and get critical information.

Again, my question goes back to "why are you wanting to open ports for
your Exchange server to the Internet?"  Is it because someone wants to
get to their mailbox?  If so, then either publish Outlook, or have them
connect to OWA (secured with an SSL certificate).

Chris

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Ryan Lambert
Sent: Wednesday, March 12, 2003 2:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Access Exchange from outside firewall



What are your objectives?

I would suggest maybe just POP the box, unless you want the Exchange
Address Book/Public Folders/etc. Or better yet, implement a published
application via Citrix and create a connection that way. ;-)

Personally, I am not in favor of opening any more ports than absolutely
necessary.

-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: Wednesday, March 12, 2003 4:48 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Access Exchange from outside firewall



Why are you doing this?  You need to open more ports than what you have
selected.  Mainly, the GC port, port 135, possibly 139.  Why not use a
VPN connection?  If you have Windows 2000, use RRAS. If not, then look
for a project called Wolverine.  It's a small distro that will give you
PPTP VPN support.  Very easy to set up, and is Linux based.

Chris

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Vince Tan
Sent: Wednesday, March 12, 2003 1:39 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: Access Exchange from outside firewall



Hi Everyone,  I've been working on this for the better half of the day
and can't seem to get anywhere.  I'm trying to set up an Outlook client
to connect to my Exchange 2K server.  The Outlook client is outside the
firewall connected via the internet.  I already set up the
HKLM\System\CurrentControlSet\Service\MSExchangeDS\Parameters,
HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem to
point to static port.  I also configured the firewall already for those
2 ports.

When I start the Outlook client, I get "Exchanger server unavailable".
Oh, I also set up the hosts file to point to the right IP address for
the Exchange server.

Thanks for any help

Vince


*********************************************************
This Week's Sponsor - RTO Software / TScale
TScale increases terminal server capacity. 
Get 30-40% more users per server to save $$$ and time. 
Add users now! - not more servers. If you're using Citrix, 
you must learn about TScale!  Free 30-day eval:
http://www.rtosoft.com/Enter.asp?ID=79
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
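
An added example, not part of the original thread: a small audit that flags firewall rules exposing the ports this thread warns about (RPC on 135, NetBIOS, the GC port, and the pinned Exchange static ports) to Internet sources. The rule syntax, addresses, and static port numbers 5000/5001 are constructed assumptions; each rule is checked on its own, without first-match ordering.

```python
import ipaddress
import re

# Ports named in the thread as unsafe to expose to the Internet.
RISKY = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
         138: "NetBIOS datagram", 139: "NetBIOS session",
         3268: "Global Catalog"}
# Constructed stand-ins for the static ports pinned in the registry.
STATIC_RPC = {5000: "Exchange static RPC port (constructed)",
              5001: "Exchange static RPC port (constructed)"}

# Hypothetical rule syntax: "<allow|deny> <tcp|udp> from <src> to <dst> port <lo>[-<hi>]"
RULE = re.compile(r"^(allow|deny)\s+(tcp|udp)\s+from\s+(\S+)\s+to\s+(\S+)"
                  r"\s+port\s+(\d+)(?:-(\d+))?$")

def is_internet(src):
    """True when the source is 'any' or a network that is not private."""
    if src == "any":
        return True
    return not ipaddress.ip_network(src, strict=False).is_private

def audit(rules, static_ports=STATIC_RPC):
    """Return (rule_number, proto, port, service) for each risky exposure."""
    watch = {**RISKY, **static_ports}
    findings = []
    for n, line in enumerate(rules, 1):
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"rule {n}: cannot parse {line!r}")
        action, proto, src, _dst, lo, hi = m.groups()
        lo, hi = int(lo), int(hi or lo)
        if action != "allow" or not is_internet(src):
            continue  # denies and internal/VPN sources are not exposures
        for port in sorted(p for p in watch if lo <= p <= hi):
            findings.append((n, proto, port, watch[port]))
    return findings

# Constructed sample ruleset (192.0.2.0/24 is a documentation range).
SAMPLE = [
    "allow tcp from any to 192.0.2.10 port 443",              # OWA over SSL
    "allow tcp from any to 192.0.2.10 port 135",              # RPC to Internet
    "allow tcp from any to 192.0.2.10 port 5000-5001",        # static RPC ports
    "allow tcp from 10.8.0.0/24 to 192.0.2.10 port 135-139",  # VPN client pool
    "allow tcp from any to 192.0.2.1 port 1723",              # PPTP VPN endpoint
    "deny tcp from any to 192.0.2.10 port 139",
]

if __name__ == "__main__":
    for n, proto, port, svc in audit(SAMPLE):
        print(f"rule {n}: {proto}/{port} ({svc}) is reachable from the Internet")
```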
