January 28th, 2004, 02:56 PM
Securing Exchange 2003
I've successfully configured and installed an Exchange server and it works fine. It's not accessible from the Internet and downloads all email through a third party downloader.
However, I'm about to open up port 25 on my firewall and all the server to be accessible from the Internet, so that it can handle directly all mail from my domain.
Are there any obvious things I should do to make sure that Exchange is secure and cannot be hacked into? I've never attempted to do anything like this before and am a bit of a novice, so would hate to leave exchange sitting open to attack, without me even knowing about it.
Any ideas or suggestions would be gratefully received.
January 28th, 2004, 04:12 PM
The best solution is to put a qmail server running on Linux as your MX handler (so all email for your domain will go to this machine), then have this machine forward all email to the Exchange server behind the firewall, with the Exchange server firewalled so that it only accepts traffic from the qmail server. Exchange, and indeed all Microsoft products, have a long history of remote security problems allowing anyone on the internet to take control of the entire machine. For this reason, it's best that they aren't directly accessible from the internet.
If you insist on connecting your Windows box to the internet, make sure that you are running the latest versions of everything. Windows Update might be able to help you here.
January 29th, 2004, 01:55 AM
I like that idea, but I don't really have the resources to set up another machine with Linux installed. I also have not really ever used Linux before, and I think that setting it up could be quite difficult for me.