I am planning on deploying Exchange 2003 (On a Windows 2003 R2 server) on our network, specifically for the purpose of serving remote users who can benefit from remote ActiveSync and Window Mobile.
Obviously, this server will need to be on the internal network (In order to communicate with the other Exchange Servers and Domain Controllers).
However, this server will also need to be open to the internet (In order for remote users to connect and sync)
What are the best practices as far as security is concerned?
It looks to me like I will be fine with blocking everything except TCP ports 990, 999, 5678, 5679. What things do I need to be concerned about with these ports being open?