
OWA configuration


disturbedone

Vendor
Sep 28, 2006
781
AU
Hi,

I'm trying to decide which option to take, and the answer to my question here will decide it. The question is: can SBS2K3 be configured with the Exchange component in a frontend/backend configuration? I also want to be able to use email pushing to mobile phones, e.g. Nokia E61.

A quick search in the forum shows people opening HTTP/HTTPS ports on their firewall direct to the SBS2K3 server for OWA. I know the ideal way with full W2K3 server is to have a frontend E2K3 in a DMZ with HTTP/HTTPS ports open on the firewall and then other ports open on the firewall between it and the backend server. If I have SBS2K3 and also another W2K3/E2K3 server in a DMZ, will that work? Or can SBS only work as one mail server? I'd rather get 2 full servers with a frontend/backend configuration if SBS cannot do this.

Any thoughts or suggestions?
 
Believe it or not, FE/BE for SSL connections like OWA and Exchange ActiveSync is no longer the official "best config" at Microsoft. Best config for those is now just passing 443 to an internal server. The reason why is that a single SSL port being passed to the internal server is more secure than all the ports that would have to be passed from the DMZ to the internal to get the FE/BE configuration to work. I wouldn't even worry about getting an FE server for the reasons you mention.

I would still see about putting some sort of system in place for inbound mail on port 25 though. There are a lot of options. Here are a few I've used:

- Use a spam appliance like Barracuda's.
- Set up an older server with IIS on it in the DMZ. Make sure it's not part of your domain, and set it up to relay inbound mail to your back-end server. Install your mail AV product on it.
- Pay a 3rd party like SpamSoap, MXLogic, or ExchangeDefender to handle all your inbound SMTP for you before forwarding it to your server. Only allow port 25 traffic from their mail servers, so that your mail is exclusively handled by them. Lately I've found this to be the most economical and headache-free option.

Keep in mind that these are only solutions for port 25 traffic. Port 443 would still be passed to your internal SBS server.

ShackDaddy
Shackelford Consulting
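
An added example, not part of ShackDaddy's post: a small audit of an exported inbound port-forward list against the layout the reply describes, where only 443 reaches the internal server from any source and port 25 is accepted only from the filtering service's mail servers. The rule format, the internal address and the provider range are constructed assumptions (documentation address ranges), and all rules are assumed to be TCP.

```python
import ipaddress

# Constructed values (assumptions, not from the thread).
INTERNAL_SERVER = "192.168.16.2"     # hypothetical internal SBS address
FILTER_NETS = ["203.0.113.0/24"]     # hypothetical filtering-service relay range

# Constructed sample of inbound forwards as a firewall export might list them.
SAMPLE_RULES = [
    {"name": "owa-https",   "source": "0.0.0.0/0",       "port": 443, "dest": INTERNAL_SERVER},
    {"name": "smtp-filter", "source": "203.0.113.16/28", "port": 25,  "dest": INTERNAL_SERVER},
    {"name": "smtp-any",    "source": "0.0.0.0/0",       "port": 25,  "dest": INTERNAL_SERVER},
    {"name": "owa-http",    "source": "0.0.0.0/0",       "port": 80,  "dest": INTERNAL_SERVER},
]

def audit(rules, internal=INTERNAL_SERVER, filter_nets=FILTER_NETS):
    """Return findings for inbound forwards that break the layout in the post."""
    allowed = [ipaddress.ip_network(n) for n in filter_nets]
    findings = []
    for r in rules:
        if r["dest"] != internal:
            continue  # only forwards that reach the internal server matter here
        src = ipaddress.ip_network(r["source"])
        if r["port"] == 443:
            continue  # HTTPS for OWA / ActiveSync: the one port open to any source
        if r["port"] == 25:
            # SMTP must come only from inside the filtering service's ranges.
            if not any(src.subnet_of(net) for net in allowed):
                findings.append(f"{r['name']}: port 25 open to {src}, "
                                "not restricted to the filtering service")
            continue
        findings.append(f"{r['name']}: unexpected port {r['port']} "
                        "forwarded to the internal server")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
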
 