SMTP Size Restriction on Per User Basis
Dear List, Setup: SMTP Gateway: Exchange 2000: I have a 2 MB smtp size restriction on gateway, one on my user wants to send 5 MB of file on 10th of every month. I don't want to increase the size on smtp gateway as it could allow all internet users to throw in mails of 5 MB. Is there a way to allow certain users to send 5MB size mails as outbound only. I hope my question is clear to all. regards, Irf. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
You are going down a road that you do not want to go down. You understand that in order to be a FE server, you have to be running Exchange Enterprise edition, right? (ok, if you run Exchange 2003, you can run Standard edition) The only ports you would have to open up from the outside to the FE server would be 25, 80 and/or 443. However, the problem is that you must open up additional ports betweeen the FE server and the BE server, and between the FE server and the DC/GC's. Opening these ports makes it not worth it to place it in the DMZ. Now, if you just want to place a SMTP Relay server (don't mistake that term for Open relay) in the DMZ, that is much safer to do. So, what is your end goal here? FE/BE setup, or SMTP Relay server? Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Monday, December 08, 2003 8:23 PM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP Size Restriction on Per User Basis
I don't know of any easy way to do that. But I have to admit, 2 MB is pretty tight. With the encoding overhead, that only allows for about a 1.5 MB file. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Exchange List Sent: Tuesday, December 09, 2003 2:33 AM To: Exchange Discussions Subject: SMTP Size Restriction on Per User Basis Dear List, Setup: SMTP Gateway: Exchange 2000: I have a 2 MB smtp size restriction on gateway, one on my user wants to send 5 MB of file on 10th of every month. I don't want to increase the size on smtp gateway as it could allow all internet users to throw in mails of 5 MB. Is there a way to allow certain users to send 5MB size mails as outbound only. I hope my question is clear to all. regards, Irf. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Migrating Exchange 5.5 with PSS cut off
How so? Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Tuip [MVP] [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 6:04 PM To: Exchange Discussions Subject: Re: Migrating Exchange 5.5 with PSS cut off This list has lost a little of the charm it had back a few years ago though. -- Martin Tuip MVP Exchange Exchange 2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: Boyd, Nathan [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:00 PM Subject: RE: Migrating Exchange 5.5 with PSS cut off Tener was genius! Although I think Martin Blackstone may disagree. -Original Message- From: Martin Tuip [MVP] [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:04 PM To: Exchange Discussions Subject: Re: Migrating Exchange 5.5 with PSS cut off Tener, Avi Smith-Rapaport and Mark Hanji do no longer post here nor have I seen anything from them in the last 6 months. -- Martin Tuip MVP Exchange Exchange 2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: Boyd, Nathan [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 08, 2003 1:47 PM Subject: RE: Migrating Exchange 5.5 with PSS cut off Sorry Eric, when you have spent over 3 years on this list, different aliases, you will appreciate that some of the new contributors' posts can be a little irritating. Talking of irritating contributors what happened to Richard Tenner? -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 1:40 PM To: Exchange Discussions Subject: RE: Migrating Exchange 5.5 with PSS cut off It was meant to be a joke, a funny, a juxaposition of disprate ideas used to make spontaneous contractions of the lower abdominal muscles. I was suggesting that we (the list) would be glad to offer our support during his transition, for a nominal fee. This is of course absurd because offering our support for free is what we do anyways. You really should get out more often! Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Boyd, Nathan [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:37 PM To: Exchange Discussions Subject: RE: Migrating Exchange 5.5 with PSS cut off You mean as opposed to PSS? What benefits could you provide that Microsoft can not? Will you offer full support for less than $245, and if all fails send a team of engineers on site? Or are you suggesting this is not a relevant discussion item for this list? -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 1:18 PM To: Exchange Discussions Subject: RE: Migrating Exchange 5.5 with PSS cut off I'm sure that this discussion list would be glad to provide support for you during you transition, for a nominal fee, of course! ;-) Eric Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Boyd, Nathan [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:17 PM To: Exchange Discussions Subject: Migrating Exchange 5.5 with PSS cut off I am a fellow Exchange 5.5 customer who is thinking about migrating to 2000 or 2003 next year. The question is related to Microsoft ceasing support of 5.5 at the end of next year, and how others are managing their migrations because of it. We have a native 2000 AD network with a half dozen or so 5.5 servers. The databases are stored on the SAN, we have 2000 user accounts, OWA and Public folders are fully utilized. The issue is we are time constrained with a more important project that does not end until August next year (I'm sure that sounds familiar to many of you). Currently that project is all encompassing and we do not plan to invest time in the mail migration until the other project is fully completed. Ideally I would have the Exchange migration already completed before the time we are currently planning to start it. My concern is we need a decent cushion of time before 5.5 support ends, incase of interoperability problems, I envisage a mixed 5.5 2k/2k3 migration. It may be that in a mixed 5.5 2k/2k3 environment MS would provide support while we fully move to a support Exchange, even after the PSS cut off time. Any thoughts would be
SMTP Connectors
Platform: Win2K/sp4 Exchange 2K/sp3 with 4 Vvirtual SMTP Servers that currently send email to the internet via DNS ... Challenge: I want to route all email sent to one specific email address ([EMAIL PROTECTED] ) through my spam server (spam.server.org) ... It looks like I will do this with an SMTP connector that uses my spam server (spam.server.org) as a smart host and the email address ([EMAIL PROTECTED] ) as my address space ... Does this sound correct? Do I also need to set up my Virtual SMTP Servers as local bridgehead servers? Thanks in advance ... Mike _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Discussions or Newsgroups
If e-mail discussions is what you want, check out http://www.lsoft.com/ Otherwise, get a cheap old desktop computer, install Linux and run lyris or mailman on it. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 6:43 PM To: Exchange Discussions Subject: Discussions or Newsgroups What's the best way to host Discussions or newsgroup type features in Exchange 2000? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Migrating Exchange 5.5 with PSS cut off
You had to be here... Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 8:53 AM Posted To: Exchange (Swynk) Conversation: Migrating Exchange 5.5 with PSS cut off Subject: RE: Migrating Exchange 5.5 with PSS cut off How so? Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Tuip [MVP] [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 6:04 PM To: Exchange Discussions Subject: Re: Migrating Exchange 5.5 with PSS cut off This list has lost a little of the charm it had back a few years ago though. -- Martin Tuip MVP Exchange Exchange 2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: Boyd, Nathan [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:00 PM Subject: RE: Migrating Exchange 5.5 with PSS cut off Tener was genius! Although I think Martin Blackstone may disagree. -Original Message- From: Martin Tuip [MVP] [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:04 PM To: Exchange Discussions Subject: Re: Migrating Exchange 5.5 with PSS cut off Tener, Avi Smith-Rapaport and Mark Hanji do no longer post here nor have I seen anything from them in the last 6 months. -- Martin Tuip MVP Exchange Exchange 2000 List owner www.exchange-mail.org www.sharepointserver.com [EMAIL PROTECTED] -- - Original Message - From: Boyd, Nathan [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Monday, December 08, 2003 1:47 PM Subject: RE: Migrating Exchange 5.5 with PSS cut off Sorry Eric, when you have spent over 3 years on this list, different aliases, you will appreciate that some of the new contributors' posts can be a little irritating. Talking of irritating contributors what happened to Richard Tenner? -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 1:40 PM To: Exchange Discussions Subject: RE: Migrating Exchange 5.5 with PSS cut off It was meant to be a joke, a funny, a juxaposition of disprate ideas used to make spontaneous contractions of the lower abdominal muscles. I was suggesting that we (the list) would be glad to offer our support during his transition, for a nominal fee. This is of course absurd because offering our support for free is what we do anyways. You really should get out more often! Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Boyd, Nathan [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:37 PM To: Exchange Discussions Subject: RE: Migrating Exchange 5.5 with PSS cut off You mean as opposed to PSS? What benefits could you provide that Microsoft can not? Will you offer full support for less than $245, and if all fails send a team of engineers on site? Or are you suggesting this is not a relevant discussion item for this list? -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 1:18 PM To: Exchange Discussions Subject: RE: Migrating Exchange 5.5 with PSS cut off I'm sure that this discussion list would be glad to provide support for you during you transition, for a nominal fee, of course! ;-) Eric Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Boyd, Nathan [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:17 PM To: Exchange Discussions Subject: Migrating Exchange 5.5 with PSS cut off I am a fellow Exchange 5.5 customer who is thinking about migrating to 2000 or 2003 next year. The question is related to Microsoft ceasing support of 5.5 at the end of next year, and how others are managing their migrations because of it. We have a native 2000 AD network with a half dozen or so 5.5 servers. The databases are stored on the SAN, we have 2000 user accounts, OWA and Public folders are fully utilized. The issue is we are time constrained with a more important project that does not end until August next year (I'm sure that sounds familiar to many of you). Currently that project is all encompassing and we do not plan to invest time in the mail migration until the other project is fully completed. Ideally I would have the Exchange migration already completed before the time we are currently planning to start
RE: OWA and SMTP
Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Export and Import of fields - custom attributes
I have done an export from exchange admin: I cannot get the export file to include custom attributes though, it is ignoring them, what needs to be done? Thanks Vanessa Watkins Royal Holloway, University of London -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: 08 December 2003 21:07 To: Exchange Discussions Subject: RE: Export and Import of fields Write a batch file with two Export passes then Type one file and append it () to the other. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Hatley, Ken [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:00 PM To: Exchange Discussions Subject: RE: Export and Import of fields The help file shows ExportObject=[Mailbox, Remote (custom recipients), DL, Recipients (all recipients), All (all object types)] (default=Mailbox) I need to get Mailbox and DL in one automated export. -Original Message- From: Hatley, Ken Sent: Monday, December 08, 2003 2:57 PM To: Exchange Discussions Subject: RE: Export and Import of fields I don't think that will work, obj class is where you differentiate DL's and Mailboxes. If you do not specify you only get mailboxes. I think you have to do it with the /o and options file, I just don't know the proper syntax. -Original Message- From: Dickenson, Steven [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 2:54 PM To: Exchange Discussions Subject: RE: Export and Import of fields headers.exe. Steven --- Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland -Original Message- From: Hatley, Ken [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:52 PM To: Exchange Discussions Subject: RE: Export and Import of fields I have a question related to this as well. I am trying to set up admin /e export of all DL's and Mailboxes in an Exchange 5.5 org and looking at the Options file, I don't understand the syntax for getting what I need can anyone help me out. I see you can grab one or the other or all but is there a way to just get what I need? -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 2:15 PM To: Exchange Discussions Subject: RE: Export and Import of fields Yes there is such a way. It is in the Exchange 5.5 Admin program. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Morgan, Joshua (Greenville) [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:05 PM To: Exchange Discussions Subject: Export and Import of fields Is there a way to export (then Import once modified) a CSV file the Fields from within Exchange including Phone Address and such... I am using Exchange 5.5 SP4 Joshua Morgan Senior Network Administrator AIMCO [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ:
RE: Export and Import of fields - custom attributes
Are you putting them in the header separately, eg Custom Attribute 1,Custom Attribute 2 ...? Harriet -Original Message- From: Watkins V [mailto:[EMAIL PROTECTED] Sent: 09 December 2003 14:20 To: Exchange Discussions Subject: RE: Export and Import of fields - custom attributes I have done an export from exchange admin: I cannot get the export file to include custom attributes though, it is ignoring them, what needs to be done? Thanks Vanessa Watkins Royal Holloway, University of London -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: 08 December 2003 21:07 To: Exchange Discussions Subject: RE: Export and Import of fields Write a batch file with two Export passes then Type one file and append it () to the other. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Hatley, Ken [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:00 PM To: Exchange Discussions Subject: RE: Export and Import of fields The help file shows ExportObject=[Mailbox, Remote (custom recipients), DL, Recipients (all recipients), All (all object types)] (default=Mailbox) I need to get Mailbox and DL in one automated export. -Original Message- From: Hatley, Ken Sent: Monday, December 08, 2003 2:57 PM To: Exchange Discussions Subject: RE: Export and Import of fields I don't think that will work, obj class is where you differentiate DL's and Mailboxes. If you do not specify you only get mailboxes. I think you have to do it with the /o and options file, I just don't know the proper syntax. -Original Message- From: Dickenson, Steven [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 2:54 PM To: Exchange Discussions Subject: RE: Export and Import of fields headers.exe. Steven --- Steven Dickenson [EMAIL PROTECTED] Network Administrator The Key School, Annapolis Maryland -Original Message- From: Hatley, Ken [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:52 PM To: Exchange Discussions Subject: RE: Export and Import of fields I have a question related to this as well. I am trying to set up admin /e export of all DL's and Mailboxes in an Exchange 5.5 org and looking at the Options file, I don't understand the syntax for getting what I need can anyone help me out. I see you can grab one or the other or all but is there a way to just get what I need? -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 2:15 PM To: Exchange Discussions Subject: RE: Export and Import of fields Yes there is such a way. It is in the Exchange 5.5 Admin program. Sincerely, Andrey Fyodorov, Exchange MVP Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Morgan, Joshua (Greenville) [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 3:05 PM To: Exchange Discussions Subject: Export and Import of fields Is there a way to export (then Import once modified) a CSV file the Fields from within Exchange including Phone Address and such... I am using Exchange 5.5 SP4 Joshua Morgan Senior Network Administrator AIMCO [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web
RE: OWA and SMTP
What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
He did not indicate which ports he needed to have open and on which side the needed to be open to. For example, 80 and 443 need to be open to the internet to allow external host to use OWA. The others need to be open between the DMZ and internal lan to allow the FE server to do GC looksups, etc Sorry for the confusion. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface:
RE: OWA and SMTP
I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:
RE: OWA and SMTP
Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface:
RE: OWA and SMTP
Isn't Exchange 2003 more IPSec-friendly? But if you work on it carefully, you should be able to get Exchange 2000 going with IPSec too. -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:46 AM To: Exchange Discussions Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy could point me to? Thanks Davinder _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface:
RE: OWA and SMTP
Could you be a little more specific about the careful part?? -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:50 AM To: Exchange Discussions Subject:RE: OWA and SMTP Isn't Exchange 2003 more IPSec-friendly? But if you work on it carefully, you should be able to get Exchange 2000 going with IPSec too. -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:46 AM To: Exchange Discussions Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:10 AM To: Exchange Discussions Subject: RE: OWA and SMTP Its much more extensive than that when putting the FE in the DMZ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 5:55 AM To: Exchange Discussions Subject: RE: OWA and SMTP 80(HTTP), 443(SSL) and a few others. Check out kb# 280132 Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 7:23 PM To: Exchange Discussions Subject: OWA and SMTP I am setting up a Windows 2000 member server in DMZ, which will be our SMTP and OWA front end server. Which ports do I need to open to make this work. Is there a KB article that you guy
RE: OWA and SMTP
What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did not intend to make it sound that easy. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL
RE: OWA and SMTP
I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP He just asked for the ports and I pointed him to the kb on open ports. I agree that putting a Front End in a DMZ is no walk in the park and did
removal of first exchange 2000 server
I have had a mixed exch 2000/2003 site running for about a month. I have followed the Q article regarding removal of first exchange server in a site. Now some of my clients are having issues when accessing their mailbox's. outlook is set for their mailbox to point to the new server and outlook opens but clicking inbox locks outlook. I have tried repairing outlook and upgrading it to 2003 but nothing fix's it. Any info would be appreciated. Exchange 2003 on windows 2003 cluster. Removed server is exchange 2000 on windows 2000 non cluster Client outlook xp/2003 Ronald R. Mazzotta Jr. Director of IT Schonbraun Safris McCann Bekritsky Co. L.L.C. 101 Eisenhower pky Roseland NJ, 07068 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
Why do Microsoft FE/BE whitepapers show FE in DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:58 AM To: Exchange Discussions Subject: RE: OWA and SMTP I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would not especially want opened on my firewall. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:09 AM Posted
RE: OWA and SMTP
Don't they show ISA in there as well? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Tuesday, December 09, 2003 8:13 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why do Microsoft FE/BE whitepapers show FE in DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:58 AM To: Exchange Discussions Subject: RE: OWA and SMTP I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the DC/GC servers. While the article seems to point out the correct ports, the post was misleading in saying that only 80/443 and a few others. Those few other ports (esp. 135, and the LDAP ports) are something I would
RE: SMTP Size Restriction on Per User Basis
Create an SMTP gateway for the one domain that the user wants to send to, set the size limitation appropriately, and allow the connector to accept mail from only that one user. John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA. -Original Message- From: Exchange List [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 5:33 AM Posted To: Exchange Discussion List Conversation: SMTP Size Restriction on Per User Basis Subject: SMTP Size Restriction on Per User Basis Dear List, Setup: SMTP Gateway: Exchange 2000: I have a 2 MB smtp size restriction on gateway, one on my user wants to send 5 MB of file on 10th of every month. I don't want to increase the size on smtp gateway as it could allow all internet users to throw in mails of 5 MB. Is there a way to allow certain users to send 5MB size mails as outbound only. I hope my question is clear to all. regards, Irf. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP Connectors
You only need a bridgehead server if you have more than one server in the routing group. If you have more than one server in the routing group, it would be nice to have one machine designated as the bridgehead for the RG, but not mandatory. If you have the connector set, then all servers will use it. John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA. -Original Message- From: Wohlgemuth, Mike [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 8:57 AM Posted To: Exchange Discussion List Conversation: SMTP Connectors Subject: SMTP Connectors Platform: Win2K/sp4 Exchange 2K/sp3 with 4 Vvirtual SMTP Servers that currently send email to the internet via DNS ... Challenge: I want to route all email sent to one specific email address ([EMAIL PROTECTED] ) through my spam server (spam.server.org) ... It looks like I will do this with an SMTP connector that uses my spam server (spam.server.org) as a smart host and the email address ([EMAIL PROTECTED] ) as my address space ... Does this sound correct? Do I also need to set up my Virtual SMTP Servers as local bridgehead servers? Thanks in advance ... Mike _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
I'm reminded of the character Yogourt in Spaceballs the Movie, It's all about the merchandising. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:17 AM To: Exchange Discussions Subject: RE: OWA and SMTP Don't they show ISA in there as well? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Tuesday, December 09, 2003 8:13 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why do Microsoft FE/BE whitepapers show FE in DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:58 AM To: Exchange Discussions Subject: RE: OWA and SMTP I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports
RE: OWA and SMTP
Or my favorite: There is the right way, the wrong way, or the Microsoft way. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fretz Sent: Tuesday, December 09, 2003 8:17 AM To: Exchange Discussions Subject: RE: OWA and SMTP I'm reminded of the character Yogourt in Spaceballs the Movie, It's all about the merchandising. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:17 AM To: Exchange Discussions Subject: RE: OWA and SMTP Don't they show ISA in there as well? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Tuesday, December 09, 2003 8:13 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why do Microsoft FE/BE whitepapers show FE in DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:58 AM To: Exchange Discussions Subject: RE: OWA and SMTP I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and
RE: OWA and SMTP
Can you point me to those articles/white papers etc. ?? I would like to look into the possibility of using ISA and keeping FE server in DMZ. Thanks Davinder -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 8:17 AM To: Exchange Discussions Subject:RE: OWA and SMTP Don't they show ISA in there as well? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Tuesday, December 09, 2003 8:13 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why do Microsoft FE/BE whitepapers show FE in DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:58 AM To: Exchange Discussions Subject: RE: OWA and SMTP I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are
Active Directory
When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
Hey Jazzy, where's the Fresh Prince? _ John Bowles Exchange Engineer OIG/HHS [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:30 PM To: Exchange Discussions Subject: Active Directory When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
bum dum, ching! Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Bowles, John (OIG/OMP) [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:31 AM To: Exchange Discussions Subject: RE: Active Directory Hey Jazzy, where's the Fresh Prince? _ John Bowles Exchange Engineer OIG/HHS [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:30 PM To: Exchange Discussions Subject: Active Directory When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
Can you be a little more specifc? What permissions didn't carry over? Carry over from what? Your question is very vague. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 12:30 PM Posted To: Exchange (Swynk) Conversation: Active Directory Subject: Active Directory When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
You're moving out with your Auntie and Uncle from Bel Air. _ John Bowles Exchange Engineer OIG/HHS [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:30 PM To: Exchange Discussions Subject: Active Directory When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
Some permission that didn't carry over was the Doman Administrators group, helpdesk group, and workgroup managers group. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
What did they not carry over FROM? You haven't told us anything about your environment, whether you just did a migration, what the old environment was, etc. etc. You haven't provided enough info for us to give you any sort of answer. What would you say to one of your users if they came up to you and said Some permissions didn't carry over? You'd likely say something to the effect of I need more info please. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 12:40 PM Posted To: Exchange (Swynk) Conversation: Active Directory Subject: RE: Active Directory Some permission that didn't carry over was the Doman Administrators group, helpdesk group, and workgroup managers group. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP Size Restriction on Per User Basis
And set restrictions on the original SMTP connector so that it would not accept mail from that user. -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:18 AM To: Exchange Discussions Subject: RE: SMTP Size Restriction on Per User Basis Create an SMTP gateway for the one domain that the user wants to send to, set the size limitation appropriately, and allow the connector to accept mail from only that one user. John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA. -Original Message- From: Exchange List [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 5:33 AM Posted To: Exchange Discussion List Conversation: SMTP Size Restriction on Per User Basis Subject: SMTP Size Restriction on Per User Basis Dear List, Setup: SMTP Gateway: Exchange 2000: I have a 2 MB smtp size restriction on gateway, one on my user wants to send 5 MB of file on 10th of every month. I don't want to increase the size on smtp gateway as it could allow all internet users to throw in mails of 5 MB. Is there a way to allow certain users to send 5MB size mails as outbound only. I hope my question is clear to all. regards, Irf. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
From where? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:40 PM To: Exchange Discussions Subject: RE: Active Directory Some permission that didn't carry over was the Doman Administrators group, helpdesk group, and workgroup managers group. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA and SMTP
Shouldn't the ISA server be in the DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:17 AM To: Exchange Discussions Subject: RE: OWA and SMTP Don't they show ISA in there as well? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey Sent: Tuesday, December 09, 2003 8:13 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why do Microsoft FE/BE whitepapers show FE in DMZ? -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 10:58 AM To: Exchange Discussions Subject: RE: OWA and SMTP I couldn't have said it better myself. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz Sent: Tuesday, December 09, 2003 7:56 AM To: Exchange Discussions Subject: RE: OWA and SMTP What I don't understand is why everyone thinks that placing their FE server in a DMZ is a more secure/better way/whatever have you. IMHO, it is not. I don't understand what you think you are going to be gaining by placing it there other than increased headache for the setup and troubleshooting. Some may offer the argument that if your FE server gets hacked, it is somewhat isolated. Let's be honest. With the ports that are required to be open between the FE and BE, if someone hacks your FE server, they can own your internal network whether the FE is in a DMZ or not. I'm just not convinced that there is a need to place FE servers in the DMZ. That, plus I seem to remember that it is now Microsoft's suggestion to NOT place the FE server in the DMZ. I'll see if I can find the reference to that. Davinder, you are, of course, welcome to deploy this how you see fit. It is, after all, your network, not mine. Ultimately, if you feel it is a better setup to place your FE server in your DMZ, then do that. I'm just trying to offer feedback. As far as 5.5, that is a different scenario altogether. 5.5 would allow you to install OWA separate from the Exchange mailbox server. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Davinder Gupta [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 10:45 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Thanks everybody for replying. The plan is exactly to open 443 from outside and required ports for GC/LDAP and required ports for BE server. The DMZ is separate physical network (VLAN) and Firewall is going to allow these specific kind of traffic only to required specific servers on inside network. You guys seem very concerned with that which I respectfully don't understand. Also this is exactly what we did in exchange 5.5, right?? Or another idea might be to create an IPSec tunnel between FE server and DCs and limit the number of ports that way, ideas? Thanks Davinder -Original Message- From: Eric Fretz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 7:20 AM To: Exchange Discussions Subject:RE: OWA and SMTP I totally agree. It is much easier to do extensive logging (and packet filtering, for that matter) with a good layered firewall, as opposed to locking down IIS (and Windows) to accept connections in an unsecured zone. Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:20 AM To: Exchange Discussions Subject: RE: OWA and SMTP Why go through the hassle? It is much easier (and just as secure) to simply put the FE server inside your network, open up port 443 and 25 to the FE server (I would not open port 80 for OWA), and that is all you should have to do. If you want to be even more secure, use something like ISA server to publish the FE OWA server. There are some servers that belong on a DMZ. A FE OWA server is not one of them. Ben Winzenz Network Engineer Gardner White (317) 581-1580 ext 418 -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 9:36 AM Posted To: Exchange (Swynk) Conversation: OWA and SMTP Subject: RE: OWA and SMTP Have FE and BE on separate VLANs and set up access lists on the routers allowing just the back-end VLAN to only accept traffic from the front-end VLAN if it is coming from the FE server, and only the specified ports. How does that sound? -Original Message- From: Ben Winzenz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:29 AM To: Exchange Discussions Subject: RE: OWA and SMTP What Martin is saying is that those are not the only ports you have to open. There are MANY more that are required to be opened to allow for communication between the FE server and the BE server, and communication betweent the FE server and the
RE: removal of first exchange 2000 server
Have you tried creating a new Outlook profile? Removing and re-adding the Outlook Address Book? -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:01 AM To: Exchange Discussions Subject: removal of first exchange 2000 server I have had a mixed exch 2000/2003 site running for about a month. I have followed the Q article regarding removal of first exchange server in a site. Now some of my clients are having issues when accessing their mailbox's. outlook is set for their mailbox to point to the new server and outlook opens but clicking inbox locks outlook. I have tried repairing outlook and upgrading it to 2003 but nothing fix's it. Any info would be appreciated. Exchange 2003 on windows 2003 cluster. Removed server is exchange 2000 on windows 2000 non cluster Client outlook xp/2003 Ronald R. Mazzotta Jr. Director of IT Schonbraun Safris McCann Bekritsky Co. L.L.C. 101 Eisenhower pky Roseland NJ, 07068 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: removal of first exchange 2000 server
What happens when you generate them a new profile? Joshua Morgan AIMCO [EMAIL PROTECTED] W. 864 239-1015 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:01 AM To: Exchange Discussions Subject: removal of first exchange 2000 server I have had a mixed exch 2000/2003 site running for about a month. I have followed the Q article regarding removal of first exchange server in a site. Now some of my clients are having issues when accessing their mailbox's. outlook is set for their mailbox to point to the new server and outlook opens but clicking inbox locks outlook. I have tried repairing outlook and upgrading it to 2003 but nothing fix's it. Any info would be appreciated. Exchange 2003 on windows 2003 cluster. Removed server is exchange 2000 on windows 2000 non cluster Client outlook xp/2003 Ronald R. Mazzotta Jr. Director of IT Schonbraun Safris McCann Bekritsky Co. L.L.C. 101 Eisenhower pky Roseland NJ, 07068 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
Huh? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:30 PM To: Exchange Discussions Subject: Active Directory When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Active Directory
This happened because you purchased the sports car version of Active Directory, not the Dump Truck version. Only the Dump Truck version will actually carry anything. =) Eric Fretz L-3 Communications ComCept Division 2800 Discovery Blvd. Rockwall, TX 75032 tel: 972.772.7501 fax: 972.772.7510 -Original Message- From: David, Andy [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 3:03 PM To: Exchange Discussions Subject: RE: Active Directory Huh? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 12:30 PM To: Exchange Discussions Subject: Active Directory When we installed Active Directory, a lot of permission didn't carry over. Has anyone had that problem. Thank you _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: removal of first exchange 2000 server
It turns out that the default gal wasn't re-homed. I had to fix that, change the expansion server of my distro lists and uninstall exchange from my old server. Ronald R. Mazzotta Jr. Director of IT Schonbraun Safris McCann Bekritsky Co. L.L.C. 101 Eisenhower pky Roseland NJ, 07068 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Morgan, Joshua (Greenville) Sent: Tuesday, December 09, 2003 4:04 PM To: Exchange Discussions Subject: RE: removal of first exchange 2000 server What happens when you generate them a new profile? Joshua Morgan AIMCO [EMAIL PROTECTED] W. 864 239-1015 -Original Message- From: Ronald Mazzotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:01 AM To: Exchange Discussions Subject: removal of first exchange 2000 server I have had a mixed exch 2000/2003 site running for about a month. I have followed the Q article regarding removal of first exchange server in a site. Now some of my clients are having issues when accessing their mailbox's. outlook is set for their mailbox to point to the new server and outlook opens but clicking inbox locks outlook. I have tried repairing outlook and upgrading it to 2003 but nothing fix's it. Any info would be appreciated. Exchange 2003 on windows 2003 cluster. Removed server is exchange 2000 on windows 2000 non cluster Client outlook xp/2003 Ronald R. Mazzotta Jr. Director of IT Schonbraun Safris McCann Bekritsky Co. L.L.C. 101 Eisenhower pky Roseland NJ, 07068 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Creating an address list
Running E2k sp3 on W2k sp4. Created a new address list in ESM under All Address Lists and also created one under All Users which is a child object of All Address Lists. I cannot view either one from an Outlook client. Searched through ESM help files and through technet online, and found info on creating an address list, and verified that I followed those steps correctly but could not find any info on what to do if you cannot see your newly created list from within Outlook. Do I have to restart Exchange services or something? I must be missing something obvious but have gone through it several times with no progress. Thanks for any info. J _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Backup Exec 9.0 and 9.1 does not see Exchange 2003 Stores?
We are currently running a Ex 5.5 mixed mode environment with our First Exchange 2003 server deployed for testing with our IT department. For the life of me I can not get Backup Exec 9.0 4454 (with E2k3 hot fix) or 9.1 to see and backup the private and public info stores. It WILL see and backup the mailboxes and public folders just fine in bricks mode (not that I want to). It gives me no errors, but just does not show the IS as an available item to backup. I have tried this with two different backup servers, and by installing BE 9.1 on to the new Exchange server by its self. I have even created a new account for it to use to login with. Has anyone seen this behavior before? I'd like to rule out something stupid if I can before I spend an hour on hold with Veritas. Thanks Miles _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Backup Exec 9.0 and 9.1 does not see Exchange 2003 Stores?
Did you install the Exchange Admin with the same SP on the backup systems? Scott -Original Message- From: ml.exchange [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 3:22 PM To: Exchange Discussions Subject: Backup Exec 9.0 and 9.1 does not see Exchange 2003 Stores? We are currently running a Ex 5.5 mixed mode environment with our First Exchange 2003 server deployed for testing with our IT department. For the life of me I can not get Backup Exec 9.0 4454 (with E2k3 hot fix) or 9.1 to see and backup the private and public info stores. It WILL see and backup the mailboxes and public folders just fine in bricks mode (not that I want to). It gives me no errors, but just does not show the IS as an available item to backup. I have tried this with two different backup servers, and by installing BE 9.1 on to the new Exchange server by its self. I have even created a new account for it to use to login with. Has anyone seen this behavior before? I'd like to rule out something stupid if I can before I spend an hour on hold with Veritas. Thanks Miles _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=en glish To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Backup Exec 9.0 and 9.1 does not see Exchange 2003 Stores?
Yes, Exchange Admin and System Manager from Exchange 2003 are on both of my production backup servers AND on the Exchange 2003 server I installed BE 9.1 on. The exchange agent is also installed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Akerlund, Scott Sent: Tuesday, December 09, 2003 6:25 PM To: Exchange Discussions Subject: RE: Backup Exec 9.0 and 9.1 does not see Exchange 2003 Stores? Did you install the Exchange Admin with the same SP on the backup systems? Scott -Original Message- From: ml.exchange [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 3:22 PM To: Exchange Discussions Subject: Backup Exec 9.0 and 9.1 does not see Exchange 2003 Stores? We are currently running a Ex 5.5 mixed mode environment with our First Exchange 2003 server deployed for testing with our IT department. For the life of me I can not get Backup Exec 9.0 4454 (with E2k3 hot fix) or 9.1 to see and backup the private and public info stores. It WILL see and backup the mailboxes and public folders just fine in bricks mode (not that I want to). It gives me no errors, but just does not show the IS as an available item to backup. I have tried this with two different backup servers, and by installing BE 9.1 on to the new Exchange server by its self. I have even created a new account for it to use to login with. Has anyone seen this behavior before? I'd like to rule out something stupid if I can before I spend an hour on hold with Veritas. Thanks Miles _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=en glish To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Wireless OT
Does anyone know of a good wireless list group like this exchange list? Thanks Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Wireless OT
http://groups.yahoo.com/group/wirelesslan/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Tuesday, December 09, 2003 7:26 PM To: Exchange Discussions Subject: Wireless OT Does anyone know of a good wireless list group like this exchange list? Thanks Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP Size Restriction on Per User Basis
I am running IIS on SMTP Gateway ( No Exchange on this machine), I have to relax the limit there which which means it is open for everybody for inbound traffic. regards, irf -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 9:18 PM To: Exchange Discussions Subject: RE: SMTP Size Restriction on Per User Basis Create an SMTP gateway for the one domain that the user wants to send to, set the size limitation appropriately, and allow the connector to accept mail from only that one user. John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA. -Original Message- From: Exchange List [mailto:[EMAIL PROTECTED] Posted At: Tuesday, December 09, 2003 5:33 AM Posted To: Exchange Discussion List Conversation: SMTP Size Restriction on Per User Basis Subject: SMTP Size Restriction on Per User Basis Dear List, Setup: SMTP Gateway: Exchange 2000: I have a 2 MB smtp size restriction on gateway, one on my user wants to send 5 MB of file on 10th of every month. I don't want to increase the size on smtp gateway as it could allow all internet users to throw in mails of 5 MB. Is there a way to allow certain users to send 5MB size mails as outbound only. I hope my question is clear to all. regards, Irf. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Cant find/delete this public folder
http://support.microsoft.com/default.aspx?scid=kb;en-us;152433 Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, December 08, 2003 5:16 PM To: Exchange Discussions Subject: Cant find/delete this public folder We have a public folder that shows up in the public folder list on each exchange server, but it doesn't exist on any of the exchange servers. You cant access it from an outlook client, and you cant check the properties, etc.. from Exchange admin, as it states that public folder replication may not have completed. Each server has it in the global public folder list, but none of them have it in their public folder resources list. My assumption was to go to the instances tab of Public Information store and put its instance on a server to see if this would allow me to do anything with it, but I thought I would see if anyone has any other ideas on what the cause might be. Basically we just want to be rid of the folder (not concerned with any data it may contain). Its MSX 5.5 SP3 and there are 3 servers in network. Please let me know what I can do to get rid of this folder. Cheers. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Discussions or Newsgroups
Through a mail-enabled public folder. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, December 08, 2003 4:43 PM To: Exchange Discussions Subject: Discussions or Newsgroups What's the best way to host Discussions or newsgroup type features in Exchange 2000? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]