Hi,
Since i got the wonderfull incumbency of setting up a secure webmail
for my org, i've been thinking how this "free-webmail-service people"
design their sites... The problem is we need to implement it using
"outlook-web", "pdc" and "exchange". Considering the way they
communicate, it seems to microsoft God has made the world flat.
But then came firewalls and firewalls divided "outlook-web" from
"pdc and exchange", and they were never more able to talk without a
big hole between our external and internal nets.
The first alternative was reverse-proxying the connection to our
internal net, where outlook-web, pdc and exchange all live.
If someone exploits outlook-web, he gets the internal net, thats
exactly what we're trying to avoid.
The sec alternative was DMZing the outlook-web. But still we got the
[135,137,138,139,1024-65535] tcp/udp hole pointing to pdc and
exchange. So if outlook-web is taked, pdc and exchange are exposed.
Looks better, but does it look secure ?
I've been looking IMP from horde.org [free webmail] and it looks good
'cos you only need IMAP opened from dmz to internal net, anybody has
been using it successfully ?
That's it. I need message-retrieving, i need authentication, i need
web interface, and i need it to be secure.
Please, don't tell me i need to pray...
Thanks in advance!
MailBR - O e-mail do Brasil -- http://www.mailbr.com.br
Fa�a j� o seu. � gratuito!!!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
