Re: Getting rid of POP3 connector, advice?
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 16 May 2008 19:48:35 -0400
sortasbsguy@xxxxxxxxx wrote:
We're running SBS 2003 behind a cisco ASA, and up until now have
been using the exchange server's pop3 connector to yahoo, who is
providing our email service. Some of our remote employees just go
directly to the yahoo server (pop/smtp over SSL) for their email
directly, while others use the exchange server directly, and we even
have some who have outlook configured to use both exchange (for local)
and yahoo via pop/smtp/ssl (for outside world email) - yikes!
Oy.
This has been a bit of a mess to manage, and we've also had
problems with yahoo's mail servers randomly throwing away incoming
email (even between people on our domain!) so we'd like to get away
from that as well.
Goodplan.
It sounds like the recommended best practice is to get rid of the
pop3 connector, have our sbs 2003 exchange server function as the smtp
server for our domain, and set up both the remote & local employees
use the exchange server to send/receive mail.
Yep.
We have a static IP
address, and I feel comfortable doing the port forwarding, setting up
DNS (vs smarthost, to take the yahoo servers out of the equation)
Since you have a static IP you don't need a smarthost. You need a PTR /
reverse lookup entry for your public IP - then you can send out directly.
and
updating MX records to get that happening.
So, a few questions:
1. What is the recommended transport for remote employees using
outlook? Remote employees are typically traveling users working
offline, who are currently using pop/smtp via SSL to yahoo directly.
Now they'll be connecting back in to our sbs exchange server and we'll
have to set up the appropriate port forwarding at the cisco asa,
Is this a PIX or other Cisco firewall? I'm not familiar with their
models/terminology.
and
set up the appropriate services at the exchange server. What's the
best way to do this? Thinking about security, and ease of setup for
the outlook users.
Outlook 2003 or 2007 on WinXP or Vista, using RPC over HTTP(s) - or OWA when
they can't do that.
2. The SBS server is using one NIC, behind the cisco ASA on the same
local subnet as our workstations. Is there any reason to use a 2nd
NIC?
Not in my book.
i.e., set up a DMZ on the cisco asa, put a 2nd NIC in the SBS
server, and set that up on the DMZ?
Nope.
Doesn't sound like there is any
benefit to doing things that way, but I thought I'd ask...
I think it overly complicates things while giving you no real security
benefit.
My plan now
is just to port forward the appropriate ports through the ASA to the
sbs server.
That's what I'd do.
We have a VPN setup through the ASA, but I don't want to force
remote users to VPN in before checking their email because we've had
some complaints about that being 'too difficult' in the past (i.e. too
many steps...) Thanks,
It also doesn't work everywhere.RPC over HTTP is likelier to.
.
- Follow-Ups:
- Re: Getting rid of POP3 connector, advice?
- From: sortasbsguy
- Re: Getting rid of POP3 connector, advice?
- References:
- Getting rid of POP3 connector, advice?
- From: sortasbsguy
- Getting rid of POP3 connector, advice?
- Prev by Date: Re: Roaming profiles - and disappearing desktop icons
- Next by Date: Re: SMTP Access
- Previous by thread: Getting rid of POP3 connector, advice?
- Next by thread: Re: Getting rid of POP3 connector, advice?
- Index(es):
Relevant Pages
|
