Important ports for firewall configuration include 25 SMTP, 80 HTTP, 88 Kerberos, 110 POP3, 119 NNTP, 135 RPC, 143 IMAP4, 389 LDAP, 443 HTTP/SSL, 636 LDAP/SSL, 993 IMAP4/SSL, 995 POP3/SSL, and 3268/3269 GC Lookup.
Configure MAPI access across firewalls by setting up a VPN, using SSL-secured IMAP, using OWA on a front-end server located on the DMZ, or if using Outlook 2003, implementing RPC over HTTP.
An ISA server on the DMZ can be used in place of a front-end server. ISA checks for malicious traffic before forwarding to back-end servers.