Hardening SBS / OWA

[nrh1703]

If you're looking to reduce admin headache and get exchange have you considered win 2008 r2 for AD and a hosted exchange solution? You won't need to worry about opening ports for owa etc and someone else can take on the hassle of looking after exchange (admitedly not huge with sbs). The only thing you'll need to do is install a tool for ad/exchange credential management (MS has tool(s) for this).

I've got a linux system filtering mail and forwarding requests on port 80 to port 443 on my sbs machine. Combined with my firewall setup this means I only have port 443 and 1723 (vpn) on the sbs box accessible from the internet.

 

[dave-lew99]

I looked at hosted exchange and it would come out quite a bit more expensive (due to the mailbox sizes mostly), i'd prefer to keep it in house really, plus if we went hosted, i haven't a hope in hell of getting AD, this is to solve an e-mail problem, SBS does it at an extremely cost effective level, which is how i'm getting it past the powers that be.

The only port we have open at the moment is for VPNs, i'd only open 443 to SBS, i may proxy it through apache, just so i'm not exposing it directly to the web.