Community Discussions and Support
Can I hit Mercury32 with mail clients from a remote site?

Hi,

Thanks all for the help.  This should work out great. 

MP

<p>Hi,</p><p>Thanks all for the help.  This should work out great.  </p><p>MP </p>

Hi,

 We are going to make a quick move to a cloud service provider that will host our users on virtual desktops in a datacenter.  I don't want to move to an Exchange Server if I can help it. 

Is it possible that my Outlook 2010 clients running from servers in the remote datacenter could still connect to my mercury32 installation here in my office to get their mail?  Are there any major cons to this if its possible? 

Would I need to open ports here on my firewall?  What risk does that present?  

Also, I'm wondering,  if I'm forced to move to Exchange server, is there anything Mercury32 can do that Exchange server cannot do?  Pros or cons?

 Thanks much,

 Mark

 

<p>Hi,</p><p> We are going to make a quick move to a cloud service provider that will host our users on virtual desktops in a datacenter.  I don't want to move to an Exchange Server if I can help it.  </p><p>Is it possible that my Outlook 2010 clients running from servers in the remote datacenter could still connect to my mercury32 installation here in my office to get their mail?  Are there any major cons to this if its possible?  </p><p>Would I need to open ports here on my firewall?  What risk does that present?  </p><p>Also, I'm wondering,  if I'm forced to move to Exchange server, is there anything Mercury32 can do that Exchange server cannot do?  Pros or cons? </p><p> Thanks much,</p><p> Mark </p><p>  </p>

[quote user="Mrpush"]Is it possible that my Outlook 2010 clients running from servers in the remote datacenter could still connect to my mercury32 installation here in my office to get their mail?[/quote]Certainly.[quote]Are there any major cons to this if its possible?[/quote]No.[quote]

Would I need to open ports here on my firewall?[/quote]Yes.[quote]What risk does that present?[/quote]Minimal. The only risk is that Mercury has an exploitable vulnerability, since that is the only thing exposed on the opened mail ports.

Also, as (presumably) all clients will be coming from the datacentre ip (either single or a small, known, range) then it is easy to restrict access to those ip's only, either in your firewall or in the Mercury config.[quote] 

Also, I'm wondering,  if I'm forced to move to Exchange server, is there anything Mercury32 can do that Exchange server cannot do?  Pros or cons?

[/quote]Not used Exchange recently, so don't know.
[quote user="Mrpush"]Is it possible that my Outlook 2010 clients running from servers in the remote datacenter could still connect to my mercury32 installation here in my office to get their mail?[/quote]Certainly.[quote]Are there any major cons to this if its possible?[/quote]No.[quote]<p>Would I need to open ports here on my firewall?[/quote]Yes.[quote]What risk does that present?[/quote]Minimal. The only risk is that Mercury has an exploitable vulnerability, since that is the only thing exposed on the opened mail ports.</p><p>Also, as (presumably) all clients will be coming from the datacentre ip (either single or a small, known, range) then it is easy to restrict access to those ip's only, either in your firewall or in the Mercury config.[quote]  </p><p>Also, I'm wondering,  if I'm forced to move to Exchange server, is there anything Mercury32 can do that Exchange server cannot do?  Pros or cons? </p>[/quote]Not used Exchange recently, so don't know.

Dilberts,

Are there guidelines for this type of setup anywhere?  

For example, my Mercury32 does not have a fully qualified POP3 server internet name like "pop3.yahoo.com" so how do I tell mail clients how to get to mercury just via my static IP with my internet provider?

Would some like "mystaticWANIPaddress:110" set in my mail clients work if I port forward port 110 to the internal IP of my mercury32 server?

Would Mercury32 IMAP be better?

 Thanks for the info,

 Mark

<p>Dilberts,</p><p>Are there guidelines for this type of setup anywhere?  </p><p>For example, my Mercury32 does not have a fully qualified POP3 server internet name like "pop3.yahoo.com" so how do I tell mail clients how to get to mercury just via my static IP with my internet provider? </p><p>Would some like "mystaticWANIPaddress:110" set in my mail clients work if I port forward port 110 to the internal IP of my mercury32 server? </p><p>Would Mercury32 IMAP be better? </p><p> Thanks for the info,</p><p> Mark </p>

Hi,

Well how about that?  I played with my firewall settings, and I can hit Mercury32 from my phone!

Ok, so now I'm confused about Mercury32 restrictions.  Currently none are set in pop3 server.  It allows everything to connect.  If I add an allow restriction say for one IP address, does it then block "all other connections" as well unless I add an allow for them too?  I don't understand how its going to affect all other connections as it was already allowing all connections.

Thanks,

 MP

 

 

<p>Hi,</p><p>Well how about that?  I played with my firewall settings, and I can hit Mercury32 from my phone!</p><p>Ok, so now I'm confused about Mercury32 restrictions.  Currently none are set in pop3 server.  It allows everything to connect.  If I add an allow restriction say for one IP address, does it then block "all other connections" as well unless I add an allow for them too?  I don't understand how its going to affect all other connections as it was already allowing all connections.</p><p>Thanks,</p><p> MP </p><p> </p><p>  </p>

From a security point of view, it would be much, much safer to restrict the source IP at your firewall rather than in the mail server software.  It wouldn't hurt do do both, but if I could only choose 1, it would be the firewall.

<p>From a security point of view, it would be much, much safer to restrict the source IP at your firewall rather than in the mail server software.  It wouldn't hurt do do both, but if I could only choose 1, it would be the firewall.</p>

[quote user="Mrpush"]Are there guidelines for this type of setup anywhere?[/quote]It's really no different than a local connection.[quote]

For example, my Mercury32 does not have a fully qualified POP3 server internet name like "pop3.yahoo.com" so how do I tell mail clients how to get to mercury just via my static IP with my internet provider?

Would some like "mystaticWANIPaddress:110" set in my mail clients work if I port forward port 110 to the internal IP of my mercury32 server?[/quote]Yes.[quote]Would Mercury32 IMAP be better? [/quote]Only if you want IMAP instead of POP3.[quote]If I add an allow restriction say for one IP address, does it then block

"all other connections" as well unless I add an allow for them too?  I

don't understand how its going to affect all other connections as it was

already allowing all connections.[/quote]The connection control entry allows you to apply other settings (such as logging, relaying, etc.) to the specified IP range. To block everything you have to put in a "block" entry for 0.0.0.0-255.255.255.255, then put "allows" for what you want.

As explained in the help, the "closest" matching range to the actual connecting IP applies.

But, yes, if the only external connection will be from the datacentre clients, restrict it to that IP only, with your firewall.

[quote user="Mrpush"]Are there guidelines for this type of setup anywhere?[/quote]It's really no different than a local connection.[quote] <p>For example, my Mercury32 does not have a fully qualified POP3 server internet name like "pop3.yahoo.com" so how do I tell mail clients how to get to mercury just via my static IP with my internet provider? </p><p>Would some like "mystaticWANIPaddress:110" set in my mail clients work if I port forward port 110 to the internal IP of my mercury32 server?[/quote]Yes.[quote]Would Mercury32 IMAP be better? [/quote]Only if you want IMAP instead of POP3.[quote]If I add an allow restriction say for one IP address, does it then block "all other connections" as well unless I add an allow for them too?  I don't understand how its going to affect all other connections as it was already allowing all connections.[/quote]The connection control entry allows you to apply other settings (such as logging, relaying, etc.) to the specified IP range. To block everything you have to put in a "block" entry for 0.0.0.0-255.255.255.255, then put "allows" for what you want.</p><p>As explained in the help, the "closest" matching range to the actual connecting IP applies.</p><p>But, yes, if the only external connection will be from the datacentre clients, restrict it to that IP only, with your firewall. </p>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft