General discussion

Locked

email for a special group

By almonday ·
I would like to get some assistance on how I can have a group of people accessing email in the DMZ where they can share information amongst themselves. They will be using OWA to access this server in the DMZ. They also want to use SSL to secure their emails. Would I have to do anything with MX record to give them access? Or do they need there own domain. I am not sure how to implement this solution. Can anybody tell me if they had a similar situation?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by mgonzales In reply to email for a special group

If I understand this correctly, you want a group of people to be able to access e-mail that comes into the group. If thats the case then put everyone in a distribution list. If this is not the case and they want access to files to share then you could use a public folder where files can be shared as attachments, but this could lead to confussion. If the users are sitting inside there own DMZ then pick a workstation within that DMZ and share a folder and have them use that as a shared space. The MX record purpose in life is to tell outside the company how to get e-mail to your server.

Collapse -

by mgonzales In reply to email for a special group

Also, you can create use the e-mail address associated with a public folder for a single shared space for e-mail coming in.

Collapse -

by techtonik In reply to email for a special group

1) The DMZ server only has to be running IIS w/ OWA installed and provided with appropriate ports back through the firewall to for access. There is no need to place an exchange server in DMZ unless asking for trouble...
2) For proper SSL access to OWA, a certificate must be purchased (www.versign.com) and imported into IIS. Only allow port 443 access to this server and disable all other web ports. This will force usage of 443. You may have to add external DNS entries to route to this server properly, but it shouldn't be necessary with proper IIS configuration. There is configuration entries in IIS that allow routing of all inbound traffic to port 443, or you can leave port 80 open for requests, then route to 443 as necessary.
3) Setup a security group with the allowed users as memebers, then, through IIS on the DMZ server, only allow this group access to the web server in the DMZ. This will effectively block any unauthorized access by forcing users to authenticate as soon as the page is accessed.

Hope this can get you started!!

Back to Software Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums