Thursday, December 16, 2010

Setting up a Test Environment for Mail Servers (sending and receiving emails – Internal (LAN) to External (WAN) and vice versa)

 

This time I am going to write about the procedure on setting up a Test Environment for understanding Mail Servers (sending and receiving emails- Internal to External and vice versa)

 

Here, in my case I first installed VMWARE ESXi server on my Server which has 8 GB RAM

 

Then deployed 3 virtual machines (VMs) with the Operating System as Windows Server 2003 SP2

 

Let me first explain why three VMs/Systems:

  1. Domain Controller and Exchange Server (Internal)
  2. RRAS (used for LAN Routing)
  3. Domain Controller and Exchange Server (External)

 

Setup a Static IP Address with a Completely Different Subnet for the Two Servers. For example setup 192.168.1.30 for one server and setup 192.168.20.30 for another server

 

Install and Configure DNS on both the identified Systems

 

Install and Configure Active Directory on both the identified Systems making it a completely new Domain Controllers (DCs) in a completely new forest for each one

 

Make sure that both the DCs are completely different domains in completely different forest

 

For Example: myhome.abc and company.abc

 

Prepare the server for Exchange Installation by running “forestprep” and “domainprep”

 

Once successful, install Exchange Server on both the identified Systems

 

Then go to the DNS Server snap-in and Configure both the DNS server to use each other as forwarders

 

For Example if we assume the two Server with the IP Address as:

  1. 192.168.1.30
  2. 192.168.20.30

Then we need to configure DNS Server 192.168.1.30 as a DNS forwarder for the server 192.168.20.30 and vice versa

 

 

To configure a DNS server to use forwarders

  • Open the DNS snap-in.
  • In the console tree, click the applicable Domain Name System (DNS) server.
    Where?
    • DNS/applicable DNS server
  • On the Action menu, click Properties.
  • On the Forwarders tab, click Edit.
  • Type the IP address for the fully qualified domain name (FQDN) of a forwarder, and then click OK.
  •  

    Once the DNS forwarding is completed, verify by sending an email to any user in the other Domain from the Existing one

    For Example: Sending an Email from the Domain myhome.abc to company.abc which are two completely different domains in completely different forest working on different subnets connected via a router

     

    Mail Sent Successfully isn't it ?

     

    This setup can now be used to simulate a Internal Email to WAN and WAN to Internal Email, since we can assume and configure one of the Domains as Internal and the other on WAN connected via a Router which is RRAS in our case

     

     

    All the best and Let me know how it goes or incase if you need any inputs

     

     

    Thank you for reading :-)

    Wednesday, May 26, 2010

    Reverse Hosting

     

    Reverse hosting is similar to reverse proxying except that in addition to protecting the servers sitting behind it, it also keeps a list of those servers on the network that are permitted to publish to the Internet. The proxy server listens for requests from those servers and responds for them, thus protecting them from unwanted visitors. The proxy server hides all internal
    servers.

     

    When configuring reverse hosting, ensure that all incoming Web requests will be discarded by default. This is done through the properties pages of the Web Proxy service under the Publishing tab. Mappings will be added that provide paths to the servers “downstream” or behind the proxy server, and these mappings will connect virtual paths that belong to the proxy server to the actual path of the Web server. Again, for the protection of the internal servers on the network, proxy is the gatekeeper so to speak, inspecting what comes in or goes out, and making sure that its internal network is safe.

     

    .

    Reverse Proxy

     

    Reverse Proxy is offered by to increase the security level for internal servers on the network. Reverse Proxy works by listening for HTTP requests by enabling the proxy server to capture incoming requests to an internal Web server and to reply for that server. This provides a measure of security for an internal Web server that might contain sensitive information or be vulnerable to hackers’ attacks. Since the proxy server handles requests, the outside user never sees the internal server. Configuring the Web server to sit behind the protection of the proxy server provides an essential layer of defense against hackers. Enabling reverse proxying is discussed in a later section.

     

    Ref: http://www.syngress.com

     

    .