Exchange 2000 Front End/Backend

Posted on 2003-03-04
Medium Priority
Last Modified: 2010-03-19
Here's what I'm trying to do.  I want to set up an Exchange server behind the firewall.  This will be no problem for my internal clients.
Now, I also have external clients that need to use that server (using POP3 and SMTP).  I can just open ports 110 & 25, but that seems kind of dangerous to me.  I really don't want that machine directly accessible from the net.
I know I can use a front-end/back-end topology, but I REALLY don't want to go through the cost of buying 2 licenses of Exchange.  Is there another way of doing this that will secure my backend Exchange box but allow my external clients to use SMTP and POP3?
I've thought about using qmail on Linux, but it looks like that will only solve my SMTP relay problem.  I don't see how that will allow external users to POP into the Exchange box.

Question by:aelhajj
Expert Comment

ID: 8067750
You have a few choices-

If the external clients are Windows boxes, have them use PPTP to get into the private network; this will provide a secure connection and you won't have to open any ports on the firewall. We did this because with Exchange 5.5, external access to POP3 was crashing the server.

You could also use the firewall's IPsec ability with the external clients. It achieves the same effect as the MS PPTP, but is at the firewall level and possibly supports more than just Microsoft clients.

Another option is to have the clients dial in via regular dial up for access to the server.

You could use IMAP instead of POP3 and SMTP; it's a little more secure and has more features.

Author Comment

ID: 8067841
That'll work if I only had to worry about internal clients, but then how do people on other networks send e-mails via SMTP to my clients internally?
I'm trying to avoid opening any connections that will allow a "public" user to connect directly to my machine...


Author Comment

ID: 8068784
Maybe some sort of a POP3 proxy?  Something Linux-based would be nice, if anyone knows of any that would help.
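
A sketch of the kind of POP3 proxy asked about above, as an added example that is not part of the original thread: a relay that sits in front of the mail server and forwards only well-formed, allow-listed RFC 1939 commands, dropping the session on anything else. The backend address, listening port and all function names are assumptions made for illustration.

```python
import asyncio

BACKEND = ("10.0.0.5", 110)  # assumed internal Exchange address (placeholder)
MAX_LINE = 255               # RFC 2449: max command length, CRLF included
# Allow-listed RFC 1939 verbs -> permitted argument counts (PASS checked apart)
ALLOWED = {b"USER": (1,), b"PASS": (), b"STAT": (0,), b"LIST": (0, 1),
           b"RETR": (1,), b"DELE": (1,), b"NOOP": (0,), b"RSET": (0,),
           b"QUIT": (0,), b"UIDL": (0, 1), b"TOP": (2,)}

def check_command(line: bytes) -> bool:  # True only for a well-formed command
    body = line[:-2]
    if (len(line) > MAX_LINE or not line.endswith(b"\r\n")
            or any(c < 0x20 or c > 0x7E for c in body)):  # no control bytes
        return False
    verb, *args = body.split(b" ")
    verb = verb.upper()
    if verb not in ALLOWED:
        return False
    if verb == b"PASS":              # a password may itself contain spaces
        return len(body) > len(b"PASS ")
    if len(args) not in ALLOWED[verb] or b"" in args:
        return False
    return verb == b"USER" or all(a.isdigit() for a in args)  # rest are numeric

async def pump(reader, writer):      # backend responses pass through unchanged
    while data := await reader.read(4096):
        writer.write(data)
        await writer.drain()

async def handle(client_r, client_w):
    server_r, server_w = await asyncio.open_connection(*BACKEND)
    down = asyncio.create_task(pump(server_r, client_w))
    try:
        while check_command(line := await client_r.readline()):
            server_w.write(line)
            await server_w.drain()
    except (ValueError, ConnectionError):  # over-long line or dropped peer
        pass
    finally:                               # first rejected line ends the session
        down.cancel()
        server_w.close()
        client_w.close()

async def main():
    async with await asyncio.start_server(handle, "0.0.0.0", 110, limit=MAX_LINE) as srv:
        await srv.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The proxy only narrows what reaches the backend's POP3 service; the mailbox credentials still travel through it, so it does not replace the VPN or front-end options discussed in the replies.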
Expert Comment

ID: 8071294
It's quite normal for the Exchange server to have its SMTP ports open to receive external e-mail.  I would estimate the majority of Exchange servers are set up like this.  If you run an enterprise-level firewall, that should be able to add some protection on incoming SMTP traffic by filtering bogus requests.

With regard to POP3 access, I don't like having any protocols which can give access to mailboxes.  Have you considered giving users web access to the Exchange server?  This can be quite secure, especially if you only enable the SSL access.

Alternatively, as digital said, provide VPN access (L2TP or PPTP).  This would be my preferred solution as your clients would be able to run the full Outlook client and thus have access to calendars and public folders etc.

Expert Comment

ID: 8071503
Port 25 for SMTP will need to be open for receiving internet email.

The only alternative to that is to use a Linux type system w/ sendmail to receive the internet email and forward it to the Exchange host, but trust me, unless you've done this kind of setup from the start, the initial setup will drive you crazy w/ labor.

The Linux/sendmail type setup is the only way to completely remove the Exchange server from the internet, but as JMansford said, it is standard practice to allow only port 25 open to the Exchange box. I've done it in all of my installations and not had any problems.

Expert Comment

ID: 9153274
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Accepted Solution

SpazMODic earned 0 total points
ID: 9807046
PAQed - no points refunded (of 50)

EE Moderator
