Hi,
We are going to make a quick move to a cloud service provider that will host our users on virtual desktops in a datacenter. I don't want to move to an Exchange Server if I can help it.
Is it possible that my Outlook 2010 clients running from servers in the remote datacenter could still connect to my mercury32 installation here in my office to get their mail? Are there any major cons to this if it's possible?
Would I need to open ports here on my firewall? What risk does that present?
Also, I'm wondering, if I'm forced to move to Exchange server, is there anything Mercury32 can do that Exchange server cannot do? Pros or cons?
Thanks much,
Mark
[quote user="Mrpush"]Is it possible that my Outlook 2010 clients running from servers in the remote datacenter could still connect to my mercury32 installation here in my office to get their mail?[/quote]
Certainly.
[quote]Are there any major cons to this if it's possible?[/quote]
No.
[quote]Would I need to open ports here on my firewall?[/quote]
Yes.
[quote]What risk does that present?[/quote]
Minimal. The only risk is that Mercury has an exploitable vulnerability, since that is the only thing exposed on the opened mail ports.
Also, as (presumably) all clients will be coming from the datacentre IP (either single or a small, known, range) then it is easy to restrict access to those IPs only, either in your firewall or in the Mercury config.
[quote]
Also, I'm wondering, if I'm forced to move to Exchange server, is there anything Mercury32 can do that Exchange server cannot do? Pros or cons?
Dilberts,
Are there guidelines for this type of setup anywhere?
For example, my Mercury32 does not have a fully qualified POP3 server internet name like "pop3.yahoo.com" so how do I tell mail clients how to get to mercury just via my static IP with my internet provider?
Would something like "mystaticWANIPaddress:110" set in my mail clients work if I port forward port 110 to the internal IP of my mercury32 server?
Would Mercury32 IMAP be better?
Thanks for the info,
Mark
Hi,
Well how about that? I played with my firewall settings, and I can hit Mercury32 from my phone!
Ok, so now I'm confused about Mercury32 restrictions. Currently none are set in pop3 server. It allows everything to connect. If I add an allow restriction say for one IP address, does it then block "all other connections" as well unless I add an allow for them too? I don't understand how it's going to affect all other connections as it was already allowing all connections.
Thanks,
MP
From a security point of view, it would be much, much safer to restrict the source IP at your firewall rather than in the mail server software. It wouldn't hurt to do both, but if I could only choose 1, it would be the firewall.
[quote user="Mrpush"]Are there guidelines for this type of setup anywhere?[/quote]
It's really no different than a local connection.
[quote]For example, my Mercury32 does not have a fully qualified POP3 server internet name like "pop3.yahoo.com" so how do I tell mail clients how to get to mercury just via my static IP with my internet provider?
Would something like "mystaticWANIPaddress:110" set in my mail clients work if I port forward port 110 to the internal IP of my mercury32 server?[/quote]
Yes.
[quote]Would Mercury32 IMAP be better?[/quote]
Only if you want IMAP instead of POP3.
[quote]If I add an allow restriction say for one IP address, does it then block "all other connections" as well unless I add an allow for them too? I don't understand how it's going to affect all other connections as it was already allowing all connections.[/quote]
The connection control entry allows you to apply other settings (such as logging, relaying, etc.) to the specified IP range. To block everything you have to put in a "block" entry for 0.0.0.0-255.255.255.255, then put "allows" for what you want.
As explained in the help, the "closest" matching range to the actual connecting IP applies.
But, yes, if the only external connection will be from the datacentre clients, restrict it to that IP only, with your firewall.
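
The connection-control behaviour described in the reply above, modelled as an added example that is not part of the original thread and is not Mercury's own code. It assumes "closest" means the narrowest configured range containing the connecting IP; the addresses, the office LAN range and the function names are constructed for illustration.

```python
import ipaddress

def rule(action, first, last):
    """Build one connection-control entry as (action, low, high)."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range start {first} is above range end {last}")
    return (action, lo, hi)

def decide(rules, client_ip, default="allow"):
    """Action for client_ip: the narrowest range containing it wins.

    Assumption: "closest match" means the smallest matching range. With no
    matching entry the server default applies (allow, as in the thread).
    """
    ip = int(ipaddress.IPv4Address(client_ip))
    matches = [r for r in rules if r[1] <= ip <= r[2]]
    if not matches:
        return default
    return min(matches, key=lambda r: r[2] - r[1])[0]

# Constructed sample addresses (RFC 5737 documentation ranges).
DATACENTRE = ("203.0.113.10", "203.0.113.20")

# A lone "allow" entry: every other address still falls through to the default.
ALLOW_ONLY = [rule("allow", *DATACENTRE)]

# Block everything, then allow the datacentre range and an assumed office LAN.
LOCKED_DOWN = [
    rule("block", "0.0.0.0", "255.255.255.255"),
    rule("allow", *DATACENTRE),
    rule("allow", "192.168.1.0", "192.168.1.255"),
]

def audit(rules, probes):
    """Map each probe address to the action the rule list would apply."""
    return {ip: decide(rules, ip) for ip in probes}

if __name__ == "__main__":
    probes = ["203.0.113.15", "203.0.113.21", "198.51.100.7", "192.168.1.50"]
    for name, rules in (("allow only", ALLOW_ONLY), ("locked down", LOCKED_DOWN)):
        for ip, action in audit(rules, probes).items():
            print(f"{name:12} {ip:15} -> {action}")
```

Running an audit like this against a planned rule list before applying it shows whether an address just outside the datacentre range is still admitted.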