Following on from sterling help from apotheon with regards to Firewalls, I have a question to ask the community….
My MD wants to be able to access Outlook Web Access (Exchange 2000 running on our PDC) from the internet… Whilst this is not exactly a great situation to be in in the first place, I’m absolutely sure that having it on the internal network would be crazy – so I’ll have to implement a DMZ to achieve it…
I’m thinking that setting up an Apache reverse proxy in the DMZ to buffer the OWA machine would be a good call…
Is there a problem with this as a concept – will Apache be able to properly protect the OWA? I’ve got this website as a guide for the process… http://3cx.org/item/46
Is there too great a security risk opening the PDC up on the internet, even behind a proxy?
Would there be an issue with putting an Anti-Spam/Virus gateway on the box too (using Postfix and Spam Assassin) and piping incoming email through that box as well? Or would it be best to keep both DMZ services on separate boxes….?
I was looking at this guide http://flakshack.com/anti-spam/wiki/index.php on OpenBSD for my Anti-Spam proxy – I’m guessing a lot of it is portable between *nixes….
Any help or suggestions would be appreciated…
Many thanks,
Jx
