#1
  1. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147

    Securing Exchange 2003


    I've successfully configured and installed an Exchange server and it works fine. It's not accessible from the Internet and downloads all email through a third party downloader.

    However, I'm about to open up port 25 on my firewall and all the server to be accessible from the Internet, so that it can handle directly all mail from my domain.

    Are there any obvious things I should do to make sure that Exchange is secure and cannot be hacked into? I've never attempted to do anything like this before and am a bit of a novice, so would hate to leave exchange sitting open to attack, without me even knowing about it.

    Any ideas or suggestions would be gratefully received.
  2. #2
  3. Full Access
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Jun 2000
    Location
    London, UK
    Posts
    2,019
    Rep Power
    17
    Are there any obvious things I should do to make sure that Exchange is secure and cannot be hacked into? I've never attempted to do anything like this before and am a bit of a novice, so would hate to leave exchange sitting open to attack, without me even knowing about it.
    The best solution is to put a qmail server running on Linux as your MX handler (so all email for your domain will go to this machine), then have this machine forward all email to the Exchange server behind the firewall, with the Exchange server firewalled so that it only accepts traffic from the qmail server. Exchange, and indeed all Microsoft products, have a long history of remote security problems allowing anyone on the internet to take control of the entire machine. For this reason, it's best that they aren't directly accessible from the internet.

    If you insist on connecting your Windows box to the internet, make sure that you are running the latest versions of everything. Windows Update might be able to help you here.
    Alex
    (http://www.alex-greg.com)
  4. #3
  5. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    I like that idea, but I don't really have the resources to set up another machine with Linux installed. I also have not really ever used Linux before, and I think that setting it up could be quite difficult for me.

IMN logo majestic logo threadwatch logo seochat tools logo