Regardless of whether your Exchange servers are accessed by users on a local area network, whether your users receive e-mail from the Internet, or whether you are providing web services such as Outlook Web Access, ActiveSync, and Outlook Anywhere to Internet users, you need to keep security in mind. You'll be surprised how easy it is to make Exchange Server 2007 reasonably secure.
During setup, the person who installs Exchange Server chooses the specific Exchange server roles that a particular server will host. Only the software necessary to support the chosen roles is actually installed. This is in contrast to the installation process for Exchange 2000/2003, in which most Exchange services had to be installed and the installer would later disable the services that were not necessary. An Exchange Server 2007 server that is hosting only the Mailbox server role will not have unnecessary services installed and running.
In this chapter, we will cover many of the common steps you can easily perform to ensure that your Exchange server is as secure as possible without breaking your budget. We will also cover firewalls, perimeter networks, reverse proxies, and SMTP relays, all of which will help you to solidify your security and help you to sleep more soundly at night.
Topics in this chapter include the following:
Security basics
Using the Security Configuration Wizard
Using Secure Sockets Layer (SSL) with Exchange
Implementing message hygiene and multilayer security
Using a reverse proxy to protect web services