[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 284
  • Last Modified:

Making Exchange Email addresses available over Internet

Have no experience with Exchange - Just started new job - Email can be picked up by our employees via Outlook from within the interior of our network.

We have a website (IIS on our own servers - all Win2003 servers) and I know the IP address for the website.

How can I make the email server available so that Outlook can download message from mailboxes over the internet?

Thanks
0
tometh
Asked:
tometh
1 Solution
 
inbarasanCommented:
Dear tometh,
I belive that you are using Exchange 2003. If yes then you can enable RPC over https with which users can download the mails from Internet directly without VPN.

refer thse articles to know more about RPC over https and how to implement them
http://thelazyadmin.com/index.php?/archives/39-Configure-RPC-over-HTTPS-Exchange-Server.html
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://support.microsoft.com/kb/833401
http://www.computerperformance.co.uk/exchange2003/exchange2003_rpc_http.htm

Good luck

Cheers!
Inba
0
 
ari24Commented:
alternativels, you can use outlook web access thru a web browser at https://domainname.com/exchange
0
 
tomethAuthor Commented:
Ok - Just spent some time reading some stuff on this Outlook Web Access - couldn't find anything about instantiating, configuring,  setting it up etc.  Is this something that is a wholesale change to the Server or something that is enabled on a per mailbox basis?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
SembeeCommented:
OWA is installed by default. Nothing has to be done to enable it.
Internally, if you browse to http://exchangeserver/exchange (where exchangeserver is the name of your Exchange server) then you will get OWA.

To expose it to the internet open port 80 on your firewall.

However, for a secure deployment you should look at getting an SSL certificate. These are relatively cheap - US$20 from GoDaddy if you have a .com/.net/.org domain.
Once you have an SSL certificate you can turn off port 80 (which is a security risk) and open port 443.

Simon.
0
 
tomethAuthor Commented:
Thanks very much!!
0
 
tomethAuthor Commented:
OK - question about SSL Certs - I bought one from verisign 18 months ago for a former employer- It was my impression that the thrust of the reason for buying a certificate was so that customers could verify that a third party had checked out the records and listed information on the company and was basically assuring the customer that they were valid, and that encryption was in force.  I was told that all of the encryption was being handled by SSL on the webserver and that verisign was only validating the use of the encryption and the veracity of the registrant information.

In fact I was told that I could issue my own certificate on the server!

If this is correct then it would seem unnecessary to have a certificate involved at all since I am only interested in my own employees accessing their email.

Please advise if my understanding is incorrect
0
 
redseatechnologiesCommented:
Hi tometh,

SSL certificates are more than just proof that you are who you are.

That is part of it, but the real use is that it is used for encryption - you can make you own SSL cert if it is just for employees, but it will pop up with errors in internet explorer (it will still work though)

Alternatively, you can buy a good cheap ssl certificate from www.godaddy.com

Hope that helps,

-red
0
 
SembeeCommented:
SSL Certificates have two main roles.

Their primary role is trust - the server you are connecting to is who it claims to be.
The secondary role is encryption - stops information going across in the clear.

If I was doing an ecommerce web site then I would use one of the expensive Verisign certificates.
For OWA, the cheapest certificates I can get hold of will be fine, to simply encrypt the username and password information. Plus it means I don't have to have port 80 open to the production network - which is a bad idea.

While you can issue your own certificates, this can cause problems. If every machine that will be accessing the server is under your control, then you can issue your own certificates, as you can get round the trust issue.
However for something like OWA where you cannot control every machine, it is a good idea to use a cheap commercial certificate that is trusted by most mainstream web browsers.

I have outlined my main arguments for not using a home grown (self issued) certificate on my blog here: http://www.sembee.co.uk/archive/2006/03/05/Self-Generated-versus-Commercial-SSL-Certificates.aspx

Simon.
0
 
tomethAuthor Commented:
Thanks to all for the information so far!  Great help!

I read the information on Sembee's posted link - My question is relative to the paragraph

"If the root certificate isn't in the majority of web browsers then you will have the same problem as when issuing your own certificates - prompts and imports."

I've checked the list of trusted certificate authorities in IE - Go daddy is not listed there - is there some method of adding this certificate easily throughout my network.  Or will each client that accesses email through the certificate have to add it to the trusted list individually?

Thanks




0
 
SembeeCommented:
GoDaddy don't issue their own certificates. They issue through another company. The certificate root that GoDaddy use is trusted by Internet Explorer on both the PC and the Windows Mobile device.

http://help.godaddy.com/article.php?article_id=1140&topic_id=235&&

Simon.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now