Chapter 28: Protecting Mail Services with ISA Server


Introduction

Mail services publishing is the most popular type of server publishing. Both small and large organizations prefer to have a higher level of control over their mail services than any other type of service. Why? Since most businesses are highly dependent on their mail services, they can little afford the foibles and inconsistent levels of service provided by third parties. If mail services go down, they might take the business with them!

The good news is that Microsoft's Internet Security and Acceleration (ISA) Server makes publishing mail services very simple. If you have your own third-party Simple Mail Transfer Protocol (SMTP)/Post Office Protocol 3 (POP3) mail server, you can use the Microsoft Internet Information server (IIS) SMTP service for a mail relay, and you can even leverage the IIS SMTP service and the ISA Server Message Screener to protect your third-party SMTP/POP3 mail server from spam. If you run Windows 2003, you already have a POP3 server available to you. Just put an IIS SMTP service in front of your Windows 2003 SMTP/POP3 server and you'll be protected against attackers and spam.

Even more impressive than support for simple IIS SMTP services is ISA Server's ability to make Exchange 2000 services available to Internet users. You can publish all the Exchange Server's mail services, or just certain ones. ISA Server integrates with Exchange 2000 by making it easy to securely publish Exchange Remote Procedure Call (RPC) and Outlook Web access (OWA). No other firewall on the market provides this level of integration and compatibility with Microsoft Exchange 2000.

This chapter is broken down into three main sections: publishing mail services on the ISA server, publishing mail services on a computer somewhere on the internal network, and using GFI Software's MailSecurity application to block out spam. If you're not publishing mail services on the ISA server, you might want to skip down to the publishing services on the internal network section. However, we advise against this, as we'll be going over many important principles early in the chapter that you should understand before trying to publish services on the internal network. If you have a single Windows 2000 server and need to publish everything on it, then you should focus on the section entitled "Configuring Mail Services on the ISA Server" section. Again, we recommend that you read the entire chapter, as we'll be including helpful tips and tricks throughout!

Note

Small Business Server (SBS) isn't explicitly covered in this book because of time and size considerations. Although we can't cover the specifics of SBS, the good news is that the same principles that we apply on the "Configuring Mail Services on the ISA Server" section apply to SBS. The major difference is we don't cover any of the SBS built-in wizards to accomplish the configuration. If you want to run ISA Server and Exchange on the same computer, you'll have to carry out the manual configuration steps detailed in this chapter.

We'll start with configuring and publishing mail services on the ISA server, and then move to the higher security option of putting them on the internal network. Pay very close attention to the steps outlined in the following sections. Many details must be covered. Missing even one step could prevent something from working and it may be very difficult to troubleshoot the problem. Be patient, be careful, and you won't find yourself reformatting and reinstalling because of an obscure misconfiguration issue.




The Best Damn Firewall Book Period
The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net