Making Exchange Email addresses available over Internet

Posted on 2006-10-20
Last Modified: 2010-03-06
Have no experience with Exchange - Just started new job - Email can be picked up by our employees via Outlook from within the interior of our network.

We have a website (IIS on our own servers - all Win2003 servers) and I know the IP address for the website.

How can I make the email server available so that Outlook can download message from mailboxes over the internet?

Question by:tometh
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 14

Expert Comment

ID: 17774359
Dear tometh,
I belive that you are using Exchange 2003. If yes then you can enable RPC over https with which users can download the mails from Internet directly without VPN.

refer thse articles to know more about RPC over https and how to implement them

Good luck


Expert Comment

ID: 17774797
alternativels, you can use outlook web access thru a web browser at

Author Comment

ID: 17774922
Ok - Just spent some time reading some stuff on this Outlook Web Access - couldn't find anything about instantiating, configuring,  setting it up etc.  Is this something that is a wholesale change to the Server or something that is enabled on a per mailbox basis?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 104

Accepted Solution

Sembee earned 500 total points
ID: 17775084
OWA is installed by default. Nothing has to be done to enable it.
Internally, if you browse to http://exchangeserver/exchange (where exchangeserver is the name of your Exchange server) then you will get OWA.

To expose it to the internet open port 80 on your firewall.

However, for a secure deployment you should look at getting an SSL certificate. These are relatively cheap - US$20 from GoDaddy if you have a .com/.net/.org domain.
Once you have an SSL certificate you can turn off port 80 (which is a security risk) and open port 443.


Author Comment

ID: 17775576
Thanks very much!!

Author Comment

ID: 17777565
OK - question about SSL Certs - I bought one from verisign 18 months ago for a former employer- It was my impression that the thrust of the reason for buying a certificate was so that customers could verify that a third party had checked out the records and listed information on the company and was basically assuring the customer that they were valid, and that encryption was in force.  I was told that all of the encryption was being handled by SSL on the webserver and that verisign was only validating the use of the encryption and the veracity of the registrant information.

In fact I was told that I could issue my own certificate on the server!

If this is correct then it would seem unnecessary to have a certificate involved at all since I am only interested in my own employees accessing their email.

Please advise if my understanding is incorrect
LVL 39

Expert Comment

ID: 17778076
Hi tometh,

SSL certificates are more than just proof that you are who you are.

That is part of it, but the real use is that it is used for encryption - you can make you own SSL cert if it is just for employees, but it will pop up with errors in internet explorer (it will still work though)

Alternatively, you can buy a good cheap ssl certificate from

Hope that helps,

LVL 104

Expert Comment

ID: 17780838
SSL Certificates have two main roles.

Their primary role is trust - the server you are connecting to is who it claims to be.
The secondary role is encryption - stops information going across in the clear.

If I was doing an ecommerce web site then I would use one of the expensive Verisign certificates.
For OWA, the cheapest certificates I can get hold of will be fine, to simply encrypt the username and password information. Plus it means I don't have to have port 80 open to the production network - which is a bad idea.

While you can issue your own certificates, this can cause problems. If every machine that will be accessing the server is under your control, then you can issue your own certificates, as you can get round the trust issue.
However for something like OWA where you cannot control every machine, it is a good idea to use a cheap commercial certificate that is trusted by most mainstream web browsers.

I have outlined my main arguments for not using a home grown (self issued) certificate on my blog here:


Author Comment

ID: 17795293
Thanks to all for the information so far!  Great help!

I read the information on Sembee's posted link - My question is relative to the paragraph

"If the root certificate isn't in the majority of web browsers then you will have the same problem as when issuing your own certificates - prompts and imports."

I've checked the list of trusted certificate authorities in IE - Go daddy is not listed there - is there some method of adding this certificate easily throughout my network.  Or will each client that accesses email through the certificate have to add it to the trusted list individually?


LVL 104

Expert Comment

ID: 17797353
GoDaddy don't issue their own certificates. They issue through another company. The certificate root that GoDaddy use is trusted by Internet Explorer on both the PC and the Windows Mobile device.


Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question