Firewallen på sbs 2003 er sat op ved hjælp af internet wizarden som foreskrevet, og her er et uddrag af logfilen:
FIREWALL CONFIGURATION SUMMARY
After the wizard completes, the following firewall settings
will be configured:
Enable IP routing.
Add the loopback adapter IP address of 127.0.0.1 to
support the
http://localhost for IIS.
Internet Information Services (IIS) will be configured as
follows:
Restrict default Web site of IIS to only respond to
requests from the local network.
Set the maximum number of incoming Web request
connections allowed to the default Web site to 500. This
improves system availability and reliability by mitigating
denial-of-service attacks against your Web site.
Allow access to Outlook Web Access to the Internet
by modifying the IP permissions of the Web site for the
following IIS Web site directories to allow clients from any
IP address to connect: /exchange/, /exchweb/, /public/.
Additionally, the Default Web site is configured for Forms
Based Authentication (also called Cookie Authentication).
The Public folder is also configured to accept Windows
Integrated Authentication.
Allow access to Window Sharepoint Services to the
Internet by modifying the IP permissions for the Intranet
IIS Web site directory to allow clients from any IP address
to connect.
Allow access to Remote Web Workplace to the Internet
by modifying the IP permissions for the Remote IIS Web site
directory to allow clients from any IP address to connect.
Allow access to Server performance and usage reports
to the Internet by modifying the IP permissions for the
Monitoring IIS Web site directory to allow clients from any
IP address to connect.
Allow access to Outlook Mobile Access to the
Internet by modifying the IP permissions for the OMA and
Microsoft-Server-ActiveSync IIS Web site directories to
allow clients from any IP address to connect. The
Exchange-oma IIS Web site directory is set to never require
SSL and to deny access to all computers except the computer
running Windows Small Business Server.
Allow access to Outlook via the Internet to the
Internet by modifying the IP permissions for the Rpc IIS Web
site directory to allow clients from any IP address to
connect.
NOTE: Users connecting to Outlook Web Access,
Remote Web Workplace, and Outlook via the Internet, must use
an https:// connection. Additionally, these Web site
directories are configured to require 128-bit encryption.
All other Web sites can use either https:// or http://
connections.
E-MAIL CONFIGURATION SUMMARY
After the wizard completes, the following e-mail settings
will be configured:
Exchange will be configured as follows:
Email: Enable Exchange for Internet e-mail with the
following settings:
E-mail delivery:
Route e-mail to the Internet by using DNS.
E-mail retrieval:
Use the Microsoft Connector for POP3 Mailboxes to retrieve
e-mail from POP3 mailboxes.
Use Exchange to retrieve SMTP e-mail.
Email retrieval method:
Route e-mail from the Internet directly to Exchange.
Registered Internet e-mail domain name: bangbogfoering.dk.
Retrieve e-mail using the Microsoft Connector for POP3
Mailboxes from the following POP3 accounts:
User Mailbox niels@xxyyzz.dk
Mail delivery schedule: Deliver mail for Exchange mailboxes
and POP3 mailboxes by using the defined schedule.
Create the SmallBusiness SMTP connector.
Set the SmallBusiness SMTP connector to:
Use DNS to route to each address space on this
connector.
Add a local bridgehead server to the name of the
Windows Small Business Server.
Use the address space type of SMTP with an address
of *for the e-mail domain and a cost of 1. This configures
Exchange to send and receive e-mail to any location on the
Internet.
Modify the default recipient policy to:
Add bangbogfoering.dk for SMTP e-mail addresses and
make it the primary address. This configures e-mail accounts
to use the specified e-mail domain name, such as
username@bangbogfoering.dk.
Set the Default SMTP Virtual Server to:
Limit incoming connections to 500. This improves
system availability and reliability by mitigating
denial-of-service attacks against your Exchange.
Limit the number of outbound connections to 10. This
prevents Exchange from excessive usage of network
bandwidth.
Allow clients computers with an IP address within
the range of local IP addresses to relay mail through the
SMTP virtual server, which prevents spam relay.
Allow e-mail relay to local IP addresses and to
client computers that successfully authenticate against the
server.
Den svarer på port 25 på både adressen 192.168.2.5, 127.0.0.1, 93.166.12x.xxx så længe man gør det fra serveren selv, men hvis man udefra forsøger at ramme serveren, får man ikke noget svar.
Port 25 et nattet til serveren på samme måde som 443 - 1723 - 3389, og disse porte virker udmærket.
Firewallen i routeren er til formålet "lagt ned".
