How can I secure Exchange 2007 with ActiveSync?
Posted on 2009-02-09
OK, here is the scenario. Right now in our current email configuration we have the following setup:
Outside email gets sent from the internet to our sendmail boxes, then to the Barracuda spam firewall, then to our Check Point firewall, then to eSafe, where it gets scanned, and then finally it is sent to our Exchange 2007 server. We are trying to implement ActiveSync securely into this configuration. We are having a bit of disagreement over how to properly secure our internal email server.
In our configuration we already have the same setup as an Edge server with our Barracuda firewall in place. This does all our mail scrubbing and forwards it to our email server. Am I correct that this is all the Edge server does? Do we need an Edge Transport server for ActiveSync to function? I was under the assumption that the Edge server only works with SMTP traffic and nothing else. I thought all we needed was an SSL cert from a trusted root authority that points to an outside FQDN "mail.company.com" and that NATs to the internal address of our email server.
My boss is worried that we are then going to be vulnerable to outside attacks on our firewall and our email server. Is he correct in his assumption? Is this the most secure way to go? In Microsoft's example they are passing port 443 to the internal email server. Please help to shed some light on the situation.
Thanks in advance