MS Exchange and Linux


Post by Tom Basc » Sun, 12 Dec 1999 04:00:00



I have a Red Hat Linux 6.1 server functioning nicely doing IP
masquerading for my home network of Windows PCs.  I can use it to dial
out using ppp to the network at work and ping, ftp, http and telnet to my
heart's content.  My ipchains rules are the basic:

        ipchains -P forward DENY
        ipchains -A forward -j MASQ -s 192.168.1.0/24

Unfortunately the e-mail servers at work are Exchange servers and they
only support Exchange and Outlook clients.  No POP3 and no IMAP.  So I
need to run an Exchange client.  Currently I have to shut down the Linux
ppp link, futz around with cables and dial out from a PC to get a
connection that lets my Exchange client work.

A couple of days ago someone posted a similar problem and the given
solution was to add:

        ipmasqadm portfw -a -P tcp -L "External NIC" 25 -R "Mail Server IP" 25

Apparently that worked because there hasn't been any further traffic on
the issue :-)

Unfortunately RH 6.1 doesn't seem to have anything called "ipmasqadm".

I fired up tcpdump on the ppp0 interface and watched lots of interesting
traffic go by (I captured it too) as I tried to start up exchange but I'm
afraid that it was all over my head -- I'm not sure how to apply any of
that to ipchains in order to get exchange to work.

Does anyone have a simple solution for RH 6.1 that will allow me to use
exchange without dedicating a PC and a modem to the effort?

Alternatively -- what process can I follow to figure it out myself?  I'm
assuming that I can use tcpdump to analyze the traffic and bit by bit
through trial and error determine what I need to do.  But I may be old
and gray by the time that I figure all that out...

 
 
 


Post by Eugen » Mon, 13 Dec 1999 04:00:00


You need to download ipmasqadm (did this idea ever come to you???). I forget
what the address is though. Search freshmeat.net. Also take a look at
www.kernelnotes.com; they might have a link there.

Eugene




 
 
 


Post by Tom Basc » Mon, 13 Dec 1999 04:00:00



> you need to download ipmasqadm (did this idea ever come to you???).

Yes.  But like you I didn't have a URL (Red Hat's "search" engines always
come up blank for some reason) and not knowing what it is I thought that
it might perhaps be a different name for something that RH has in another
form.

> I forget
> what the address is though. Search freshmeat.net. Also take a look at
> www.kernelnotes.com they might have a link there.

Thanks.  I'll look!

In the meantime if anyone happens to know of a way to do it without
installing anything I'm still interested.

 
 
 


Post by Hugo Villeneuv » Mon, 13 Dec 1999 04:00:00



> I have a Red Hat Linux 6.1 server functioning nicely doing IP
> masquerading for my home network of Windows PCs.  I can use it to dial
> out using ppp to the network at work and ping, ftp, http and telnet to my
> heart's content.  My ipchains rules are the basic:

>         ipchains -P forward DENY
>         ipchains -A forward -j MASQ -s 192.168.1.0/24

> Unfortunately the e-mail servers at work are Exchange servers and they
> only support Exchange and Outlook clients.  No POP3 and no IMAP.  So I
> need to run an Exchange client.  Currently I have to shut down the Linux
> ppp link, futz around with cables and dial out from a PC to get a
> connection that lets my Exchange client work.

> A couple of days ago someone posted a similar problem and the given
> solution was to add:

>         ipmasqadm portfw -a -P tcp -L "External NIC" 25 -R "Mail Server IP" 25

This will allow you to receive Internet mail sent via the SMTP protocol to
your Exchange server. This has nothing to do with a client connecting to
get mail.

> Apparently that worked because there hasn't been any further traffic on
> the issue :-)

I don't think there was any allusion to connecting an Exchange client in a
thread lately.

> [snip]

I heard of this like 2 months ago but I don't have an Exchange Server to
try this out. (And I don't think this was the original document I had
read.)

http://www.microsoft.com/exchange/55/gen/Security.htm

Toward the end, there is a section for connecting Exchange Client
through the internet. Exchange uses strange protocols (NT RPC).

Try first to masquerade port 135. Then try the modification on the
server.

Hugo Villeneuve

 
 
 


Post by Tom Basc » Mon, 13 Dec 1999 04:00:00



says...


> > ... the e-mail servers at work are Exchange servers and they
> > only support Exchange and Outlook clients.

> <snip>

> I heard of this like 2 months ago but I don't have an Exchange Server to
> try this out. (And I don't think this was the original document I had
> read.)

> http://www.microsoft.com/exchange/55/gen/Security.htm

That's pretty interesting.

> Toward the end, there is a section for connecting Exchange Client
> through the internet.

Just to clarify -- I'm not actually doing this through the internet.  I'm
using a dial-up networking connection directly into the NT servers at
work.  I'm using a Linux server with ppp to do it so it's very similar to
dialing into an ISP but it isn't quite the same thing.

> Exchange uses strange protocols (NT RPC).

> Try first to masquerade port 135. Then try the modification on the
> server.

What exactly would I do to accomplish that?

This whole topic is a little arcane from my perspective :-(

The article also talks about needing to permit TCP and UDP on port 53 for
DNS.  That seems to make sense because the tcpdump data showed something
about some udp failures (I'll have to look back to see the details...)
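
An added example, not part of any post in this thread: one way to work through a capture like the one taken on ppp0 is to tally, per remote address and port, how many connection attempts left the masquerading box and whether anything came back. It assumes the text format of a current `tcpdump -n`; the sample lines, addresses and function names are constructed for illustration and are not a real Exchange capture.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -i ppp0` output; 10.9.9.2 stands in for the ppp0 address.
SAMPLE = """\
12:00:01.000 IP 10.9.9.2.61000 > 10.1.1.5.135: Flags [S], seq 100, win 8192, length 0
12:00:01.050 IP 10.1.1.5.135 > 10.9.9.2.61000: Flags [S.], seq 900, ack 101, win 8760, length 0
12:00:01.100 IP 10.9.9.2.61001 > 10.1.1.5.1048: Flags [S], seq 200, win 8192, length 0
12:00:04.100 IP 10.9.9.2.61001 > 10.1.1.5.1048: Flags [S], seq 200, win 8192, length 0
12:00:05.000 IP 10.9.9.2.61002 > 10.1.1.2.53: 4660+ A? mail.example.com. (34)
12:00:05.040 IP 10.1.1.2.53 > 10.9.9.2.61002: 4660 1/0/0 A 10.1.1.5 (50)
12:00:06.000 IP 10.9.9.2.61003 > 10.1.1.3.53: 4661+ A? mail.example.com. (34)
12:00:08.000 IP 10.9.9.2.61003 > 10.1.1.3.53: 4661+ A? mail.example.com. (34)
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)")
FLAGS = re.compile(r"Flags \[([^\]]+)\]")

def summarize(capture, local_ip):
    """Return {(proto, remote_ip, remote_port): [sent, replies]} seen from local_ip."""
    flows = defaultdict(lambda: [0, 0])
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        f = FLAGS.match(rest)
        proto = "tcp" if f else "udp"  # simplification: lines without TCP flags count as UDP
        if src == local_ip:
            # TCP: count only connection attempts (bare SYN); UDP: count every datagram.
            if proto == "udp" or f.group(1) == "S":
                flows[(proto, dst, int(dport))][0] += 1
        elif dst == local_ip:
            flows[(proto, src, int(sport))][1] += 1
    return dict(flows)

def unanswered(flows):
    """Remote endpoints that were contacted but never sent anything back."""
    return sorted(k for k, (sent, replies) in flows.items() if sent and not replies)

if __name__ == "__main__":
    flows = summarize(SAMPLE, "10.9.9.2")
    for key, (sent, replies) in sorted(flows.items()):
        print(key, "sent", sent, "replies", replies)
    print("unanswered:", unanswered(flows))
```

Endpoints listed as unanswered are the ones to compare against the ipchains rules and the server-side settings discussed above.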

 
 
 

1. Firewalling a Local Area Network with routers, MS Exchange, MS Proxy and LINUX.........

Dear all,

I wonder if someone could offer some advice?

Let me take a second to explain the network topology we have here - briefly:

Single subnet LAN - comprising NT network with the odd bit of Novell kit.

Our comms machine runs MS Exchange 5.5 and Proxy 2.0 (it also has RRAS for
VPNs but this doesn't work because of the router listed below).

This comms machine is multihomed (I believe this is the term for 2 network
cards) The internal network as above and the external network connects to a
CISCO 760 series ISDN router. This machine is the BDC - the separate PDC is
also the internal DNS server.

Currently, all internet access works fine via the router. This is using port
address translation to hide all internal IP addresses and present as one.
Exchange happily fires off through the link too - and when connected - our
SMTP feed pushes into the Exchange server. We have 'firewalling' set up on
the router and with MS Proxy.

There are two issues I want to raise.....

1. One problem we have is that MS Exchange brings up the ISDN link every
time an externally destined email is sent - and I don't believe it is
possible to get Exchange to hold the outbound mail and fire it off at
predetermined intervals. This is costing us a fortune.....  We send large
amounts of externally bound email - all quite small - but with the ISDN line
being brought up very often, you can guess what the bill is like (5-10 sends
per hour). When we used modems, this could be achieved because Exchange used
RAS connections which could be limited to 'batch' dial-outs. This no longer
is true for the router setup.

2. We have an ISDN modem which I daresay we could use instead of the router
to give us limited dial-out but then we become reliant upon MS Proxy
firewalling as we lose the router. Is MS Proxy secure enough? (Seriously
please Linux boys and girls :-) )  And will Linux provide the internal IP
address 'hiding' - presenting one address to the outside world? Should we
drop a linux box in between the MS-Proxy/Exchange and the ISDN? Is this hard
to administer/setup as a dedicated firewall.

We want to set up a system with http, ftp etc. initiated dialout (MS Proxy)
but not by email (MS Exchange) which we can fire off every couple of hours
or so (We have a batch file which can do this in reverse in order to receive
our mail).

We need it to be secure (!) or should I say as secure as possible... and it
would be cool if we could get VPN too (MS RRAS flavor) via the ISDN modem as
the router will not handle the encapsulation properly.

Oh and finally, the funds available are very limited, so a big
UNIX/commercial solution is probably prohibitively costly.

All ideas welcome.

Ta everyone

S
