bengreen.eu Circle Device

 


Microsoft Exchange 2010

Recently I had to set up a server where Microsoft Exchange should be accessible from the web over HTTPS, and where mail can be delivered to port 25 (the standard SMTP port) on an external address. Naturally, I did not want the Exchange server itself accessible from the outside world:

    /-------------\     Linux NAT and Firewall    +---------------+
   /              /         +-----------+         | Exchange 2010 |
   | Internet    /          |  Gentoo   |         +--------+------+
   \             +----------+  Lighttpd |                  |
    \-----------/           |           +------------------+
                            +-----------+

We need to forward all SMTP traffic to Exchange, so:

iptables -t nat -A PREROUTING -i eth0 --proto tcp --dport 25 -j DNAT --to-destination 192.168.1.123

Simple enough.

Setup Exchange to Accept Plain HTTP Connections

We are actually implementing something called SSL offloading here, so all we need to do is tell Exchange that SSL has been offloaded. This is a registry setting, so be careful:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA

Under this key make a new REG_DWORD named SSLOffloaded and set the value to 1.

Finally, you will need to change the configuration in IIS so that IIS will not insist on SSL.

IIS Manager with SSL Settings Highlighted

In IIS Manager go to Sites\Default Web Site\owa, then double-click on SSL Settings and remove the tick from Require SSL.

Lighttpd Setup

Reverse Proxy Configuration for Lighttpd is like any other:

proxy.server = ("/owa" => ("localhost" => ("host" => "192.168.1.123", "port" => 80 ) ) )

Make sure that mod_proxy is loaded in your config and that you have the SSL certificate configured.
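
A fuller lighttpd 1.4 configuration for the setup described above, as an added example that is not the author's own file. The certificate path and host name are assumptions; the backend address is the one used on this page.

```conf
# Added example, not the author's configuration.
# Assumed: lighttpd 1.4 on the Gentoo firewall, certificate path below.

# Skip any module your existing server.modules list already loads.
server.modules += ( "mod_redirect", "mod_proxy" )

# TLS terminates on the firewall. lighttpd reads the private key and the
# certificate from a single PEM file, so keep it readable by root only.
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/mail.example.com.pem"   # assumed path

    # Only /owa is handed to Exchange; every other path stays on the proxy,
    # so the rest of IIS is not reachable from the Internet.
    proxy.server = ( "/owa" => ( "localhost" => ( "host" => "192.168.1.123", "port" => 80 ) ) )
}

# Requests arriving over plain HTTP are redirected to HTTPS, so OWA
# credentials are never sent across the Internet unencrypted.
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = ( ".*" => "https://%0$0" )
    }
}
```

With SSL offloaded, the hop from the firewall to 192.168.1.123 is plain HTTP, so that internal segment has to be trusted.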
