Exchange just doesn't belong on a DMZ. What purpose would it serve there? For every single purpose anyone could think of, there is a better solution that keeps Exchange inside the firewall, more secure and less prone to hacker attacks.
Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems
-----Original Message-----
This may sound ignorant, and if it does, then I guess it really is ignorant, but here goes anyway.
Why is placing an Exchange server on the DMZ bad? We are getting a PIX soon and are going to be changing a lot of things here. Our reseller just informed me the price of the PIX 515 dropped big time too but that it is also being replaced by a faster one...the 515E for the same price.
-----Original Message-----
That was the intent of what I was thinking - something to tide him over. But he also didn't say whether this was multihomed, or sitting in the DMZ (Gosh I hope not!), or what. Without more specifics, we are trying to hit baseballs with straws.
Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems
-----Original Message-----
I was thinking the same thing. Heck, even Zonealarm or something just to hold you over. -----Original Message----- You can turn off unused/unwanted protocols under the Site, Configuration, Protocols, properties for each protocol. This should render the ports inactive and unable to accept connections on them. You can also do the same on a per server basis under the Server, Protocols, properties for each protocol. This will cover the Exchange protocols only though.
I really think that if you are wanting to filter that many ports, you should look at a firewall. Heck, even if it is a software firewall to start with. It would be better than nothing.
Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems
-----Original
Message-----
Why no SSL? -----Original Message----- Thanks for the reply.
Not for relay, but we do not have any firewall as yet, and i would like to close unecessary ports. Its a fresh installtion NT server PDC, Exchange 5.5. So all the ports are open. I just want 25, 110, 80 to be open.
I tried that on TCP/IP security and nobody could connect to mail server ....
----- Original Message ----- From: Martin Blackstone Sent: Thursday, February 21, 2002 11:02 PM Subject: RE: Securing Exchange Server
So are you saying someone used you as a relay or hacked your box or what?
Are you behind a FW? What ports are open to the Exch server? -----Original Message----- Hello,
I have tried many times but failed to secure Our Exchange Server. We have a Exchnage server for only
Server has NT4, IIS4, DNS.
How Do I use TCP IP security tab to configure security so that all the unnecessary ports are closed, we only use exchnage for POP3 and SMTP.
The last time I tried I got Max user limit .... on SMTP List Charter
and FAQ at: List Charter
and FAQ at: List Charter and FAQ at: List Charter and FAQ at: List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm |
Title: Message
- RE: Securing Exchange Server Ben Winzenz
- Re: Securing Exchange Server Manish Govindji
- RE: Securing Exchange Server Ben Winzenz
- RE: Securing Exchange Server Martin Blackstone
- RE: Securing Exchange Server Allen Crawford
- Re: Securing Exchange Server Manish Govindji
- RE: Securing Exchange Server Martin Blackstone
- RE: Securing Exchange Server Clark, Steve
- RE: Securing Exchange Server Allen Crawford
- RE: Securing Exchange Server Ben Winzenz
- RE: Securing Exchange Server Ben Winzenz
- RE: Securing Exchange Server Allen Crawford
- RE: Securing Exchange Server Jim Holmgren