Or use something like Horde/IMP/Turba on Apache/SSL to get IMAP/SSL
webmail and LDAP/SSL contact info from Exchange ....

That's 2 ports to the backend:
636/tcp or 3269/tcp for LDAP/SSL or GC/SSL (both work, as sadly
Exchange/Win2k/2k3 has no LDAP/TLS

993/tcp for IMAP/SSL (again no TLS)

worked for me...

>
> PS - How come nobody's come back with, "The most secure option is to not use
> OWA at all and make people check their e-mail from the office like normal
> human beings." ? If you apply that option to the risk valuation I use
> above, you get a sum of 0. Clearly better than the rest.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards