Fauzi, The best way to decide which strategy for your email/workgroup server is to identify who and from where the user will be coming in to access the server. It doesn't have to run vpn to let outside user access the workgroup. You can use OWA so that external user use their browser(preferably using https) to access all the workgroup function. This way you only configure your firewall to allow port 443 from external to the OWA server.
*normally personally I don't recommend to put a full blown(workgroup+pop3+smtp) exchange server even in a dmz zone. Izam -----Original Message----- From: Fauzi Badron [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 11:27 AM To: Aftarul Izam B. Basri Cc: [EMAIL PROTECTED] Subject: Re: RE: Open port 1023-65535 My Mail server located in DMZ.Should i changes to VPN from DMZ to allow the workgroup function of Exchange.TQ Fauzi Badron (New Fauzi) System Administrator Sepakat Computer Consultant Sdn Bhd ----- Original Message ----- From: "Aftarul Izam B. Basri" <[EMAIL PROTECTED]> Date: Tuesday, April 23, 2002 9:23 am Subject: RE: Open port 1023-65535 > It depend......if you run Exchange only for basic email > server(POP3 and > SMTP) thats all the port you should open. But if you run a > complete Exchange > server which mean beside POP3/SMTP, also all its workgroup > function like > journal, contacts list, public folders, then there will be few > more ports > you should open. But for a better security, normally we don't > allow external > people to access the workgroup function of Exchange only for POP3 > and SMTP. > If they still want to access all function, better to go through > VPN first at > then access Exchange workgroup function. > > Izam > RHB KL > > -----Original Message----- > From: Fauzi Badron [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 23, 2002 9:14 AM > To: Tan Tshun Kiat > Cc: [EMAIL PROTECTED] > Subject: Re: Open port 1023-65535 > > > If I use Microsoft Exchange 2000 what port must i open. > > Fauzi Badron (New Fauzi) > System Administrator > Sepakat Computer Consultant Sdn Bhd > > ----- Original Message ----- > From: Tan Tshun Kiat <[EMAIL PROTECTED]> > Date: Tuesday, April 23, 2002 8:59 am > Subject: Re: Open port 1023-65535 > > > Hi, > > TCP port 25 for SMTP is good enough. If it's POP, then 110. IMAP > > port 143. > > > > Regards, > > -- > > Tan Tshun Kiat (Mr) > > Systems Administrator (Unix) > > Information Technology Group > > Institute For Communications Research > > > > > > Fauzi Badron wrote: > > > > > All, > > > > > > Does suitable to open tcp port 1023 to 65535 for mail server > at my > > > firewall? > > > > > > Fauzi Badron > > > System Administrator > > > Sepakat Computer Consultant Sdn Bhd > > > > > > _______________________________________________ > > > Firewalls mailing list > > > [EMAIL PROTECTED] > > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > This message is intended only for the use of the person(s) to whom > it is > addressed and may contain information that is privileged or otherwise > protected from disclosure.If you are not the intended recipient > you are > hereby notified that any use, review, disclosure or copying of > this message > and the information it contains is prohibited. If you receive the > message in > error , please notify the sender by reply e-mail and discard all its > contents. Thank You. > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > This message is intended only for the use of the person(s) to whom it is addressed and may contain information that is privileged or otherwise protected from disclosure.If you are not the intended recipient you are hereby notified that any use, review, disclosure or copying of this message and the information it contains is prohibited. If you receive the message in error , please notify the sender by reply e-mail and discard all its contents. Thank You. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
