Markus, Great!!! Do you know of any good books on Squid 3.0? or any docs out there that explain how to do this? Setting up SSL is new to me in general so I want to make sure I can get a decent understanding of how Squid would work in this situation. Would the SSL session just get transparently forwarded to the Exchange box? or would there have to be some sort of authentication on the SuSE box for Squid to let it through? Thanks again!! Eric Markus Gaugusch wrote:
I am currently trying to implement an Exchange 2000 server and it was suggested by a friend that I put a SuSE box between the internet and Exchange. He suggested having Postfix relay incoming mail only to the Exchange box and then allow Exchange to send out its mail through the firewall (Watchguard).
I've implemented this in my company and it is relatively easy. But we use two relay servers (+ MX entries), to make the relay redundant (of course exchange is not, but at least the relay :)
Then for the OWA/SSL connectivity, he suggested using Apache's mod_proxy & mod_ssl to protect IIS. I am only going to allow https traffic to my exchange server.
I did this with squid. The 3.0 version has a special feature called "front_end_https", which is needed if the OWA doesn't use https (which is ok, in the LAN).
My question is, is this plan feasible? and does anyone know if there is a how to out there for this type of configuration? I've never setup Postfix or these Apache modules so I am hoping to find out if its possible since I don't have a lot of time to set this up due to the launch date of Exchange.
Yes, it is absolutely feasible! But I wouldn't do it with apache. In any case, don't forget regular updates of BOTH machines using windows update and fou4s/YOU.
Markus