> How can I protect a windows exchange server and domain controller?
> windows farm --- linux iptables -- internet
>
> Again, I cannot change the windows exchange to linux postfix.
> Although it is within my authority to move to linux, hundreds
> of people using the windows farm won't be glad for a drastic
> change. I am slowly moving some people to linux though. :D

You don't have to. Put a Linux/Postfix mail relay between Exchange and the internet and firewall the machine. Then you can also do spam/virus filtering, etc. Your people won't notice it (well, smart ones maybe).

> For the exchange server, what ports do I need to open? Do I
> need some port forwarding? I want to create some sort of
> routing through iptables so I can secure the windows server as well.

For pop/imap/ldap access you could do portforwarding, but also proxying. In that case maybe Delegate is what you want but there could be better options than Delegate. (http://www.delegate.org/delegate/)

> For the domain controller, people said I need to make sure dns
> is open. What else do I need to open up? Again, can I just do
> some routing for the dns?

If the DC requires DNS and has a DNS service; yes. That can be covered with NAT.

You can configure Exchange to use a smart host (in the above example: Postfix) which does the actual sending of email on the internet. Then, local DNS is enough for Exchange.

Gr,
Rob
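The layout discussed in this thread, sketched as a firewall ruleset for the Linux gateway (an added example, not part of the original messages). It assumes the Postfix relay runs on the gateway itself; the interface names, addresses and the choice of IMAPS/POP3S as forwarded ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the Linux gateway.
# Assumes the Postfix relay runs on this gateway; all values are constructed.
WAN_IF=eth0            # internet-facing interface (assumption)
LAN_IF=eth1            # interface towards the Windows farm (assumption)
EXCHANGE=192.168.10.5  # Exchange server (constructed address)
DC=192.168.10.2        # domain controller running DNS (constructed address)
FWD_PORTS="993 995"    # IMAPS/POP3S forwarded to Exchange; empty if proxied instead

gen_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
EOF
  for p in $FWD_PORTS; do
    echo "-A PREROUTING -i $WAN_IF -p tcp --dport $p -j DNAT --to-destination $EXCHANGE:$p"
  done
  cat <<EOF
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SMTP ends at the local Postfix relay; port 25 is never forwarded to Exchange
-A INPUT -i $WAN_IF -p tcp --dport 25 -j ACCEPT
-A INPUT -i $LAN_IF -s $EXCHANGE -p tcp --dport 25 -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound DNS from the domain controller, masqueraded by the nat table
-A FORWARD -i $LAN_IF -o $WAN_IF -s $DC -p udp --dport 53 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $DC -p tcp --dport 53 -j ACCEPT
EOF
  for p in $FWD_PORTS; do
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $EXCHANGE -p tcp --dport $p -j ACCEPT"
  done
  echo COMMIT
}

case "${1:-}" in print) gen_rules ;; esac
```

Pipe the output of `print` through `iptables-restore --test` before loading it. Everything not listed, including other outbound traffic from the LAN, is dropped until it gets its own rule.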