Re: [fw-wiz] Exchange & Blackberry
strider_at_mailworks.org
Date: 06/22/04
- Previous message: Steffen Kluge: "Re: [fw-wiz] Web server security?"
- In reply to: Geoff Bleau: "[fw-wiz] Exchange & Blackberry"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Exchange & Blackberry"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Exchange & Blackberry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Geoff Bleau" <geoffb@bellsouth.net>, "Firewall Wizards" <firewall-wizards@honor.icsalabs.com> Date: Tue, 22 Jun 2004 06:46:43 -0500
I agree with others that I wouldn't put my Exchange server as MX for
whatever domain you're dealing with. Certainly I would at least put some
sort of relay in front of it for both inbound and outbound traffic. My
favorite flavor MTA for this is Postfix but there are others, some
really cool SPAM/AV MTAs depending on the bucks you've got.
As for Blackberry, it's an outbound TCP connection on one port (3101 I
think) to Blackberry's srp servers (additional outbound requirements if
you are doing MDS). However the connections from Blackberry to Exchange
require a MAPI connection and is not firewall friendly. See:
Therefore, for placement, I usually go with:
Border MTA on the DMZ with only port 25 inbound from the world, port 25
outbound to the world and port 25 to/from the internal Exchange server.
Config the MTA as a relay for only your Exchange server.
Exchange on the inside config'ed to forward to the border MTA.
As for Blackberry, it's a risk tradeoff. What's the chances of that
outbound connection doing bad things vs. the pain of trying to get it
config'ed in the DMZ and what would that buy you?
Cheers,
Don
On Mon, 21 Jun 2004 12:37:52 -0400, "Geoff Bleau" <geoffb@bellsouth.net>
said:
> Hi,
>
> I'm looking for suggestions on 'best-policy' for implementing
> a MS Exchange Server 2003 and Blackberry Server installation
> at a client site.
>
> Will be using a Sonicwall 2040 ( which has a DMZ port )
>
> 1) Where should the servers be placed ( LAN or DMZ ) ??
> 2) What security issues will this 'open up' ??
> 3) Any other caveats ??
>
> Thanks,
>
> Geoff Bleau
>
>
> --
> " I like my women like I
> like my coffee......
> bitter and murky. "
> GC
>
> Geoff Bleau - geoffb@bellsouth.net
> Florida Software & Data Systems http://www.flsoft.com
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- strider@mailworks.org _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Steffen Kluge: "Re: [fw-wiz] Web server security?"
- In reply to: Geoff Bleau: "[fw-wiz] Exchange & Blackberry"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Exchange & Blackberry"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Exchange & Blackberry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
