NetMAX Newsletter - January 2008

1. [Support] MS Exchange TLS ports through a NetMAX Firewall
2. [Support] Executing Multi-Group CGI Scripts in NetMAX
3. [General] Let's Hear From You

1. MS Exchange TLS ports through a NetMAX Firewall

If you're using MS Exchange server behind a NetMAX firewall, you should be aware that MS Exchange uses the TLS protocol -- which is a name-based authentication that doesn't do reverse DNS from the MS Exchange server. This will cause issues with trying to connect to the exchange server through telnet to these ports:

*Protocol*: POP3
*Port (TCP/UDP)*: 110 (TCP)
*Description*: Post Office Protocol version 3, enables "standards-based" clients such as Outlook Express or Netscape Communicator to access the e-mail server.

As with IMAP4, POP3 runs on top of the IIS Admin Service, and enables client access to the Exchange 2000 information store.

*Protocol*: POP3/SSL
*Port (TCP/UDP)*: 995 (TCP)
*Description*: POP3 over SSL.

To enable POP3 over SSL, you must install a computer certificate on the Exchange 2000 server.

*Protocol*: SMTP/SSL
*Port (TCP/UDP)*: 465 (TCP)
*Description*: SMTP over SSL.

TCP port 465 is reserved by common industry practice for secure SMTP communication using the SSL protocol. However, unlike IMAP4, POP3, NNTP, and HTTP, SMTP in Exchange 2000 does not use a separate port for secure communication (SSL) -- instead employing an "in-band security sub-system" called Transport Layer Security (TLS). To enable TLS to work on Exchange 2000, you must install a computer certificate on the Exchange 2000 server.

There is a new Troubleshooting Assistant tool at the Microsoft website that may help diagnose any specific issues -- you can download it here:

microsoft.com/technet/prodtechnol/exchange/downloads/2003/tools.mspx

2. Executing Multi-Group CGI Scripts in NetMAX

If you are trying to create two different secure sites for one URL, then you may need to execute multi-group CGI scripts. An example of this: a first password will get that user into one site (such as index.html), and a second password will get the user into another secure site (such as indexsec.html). In this example situation, there is information on the management site that we do not want the second group of users to have access to.

To set this up, do the following:

1. Users/Groups/Create
   • Add the two user groups that you want to access the different index.html file.
• Make a New Group (named whatever you prefer) that will define both user groups.
2. Upload the index.cgi file to /System/Web/external or internal (as appropriate for your task).
3. Open the index.cgi file and edit the following:

   #!/usr/bin/perl
   # Configuration settings.

$group1 = "Group1";
- Change to group name that you want to access index.html1 -

$group2 = "Group2";
- Change to group name that you want to access index.html2 -

$url1 = "index1.html";
- Change to index.html1 that you want Group1 to access -

$url2 = "index2.html";
- Change to index.html2 that you want Group2 to access -

print "Content-type: text/html\n\n" ;
print <<EOF ;
<html>
<head><title>Redirect Page</title></head>
<body>
EOF
$_=`/usr/bin/groups $ENV{'REMOTE_USER'}`;
if (/$group1/) {
print "<META HTTP-EQUIV=REFRESH CONTENT=\"0; URL=$url1\">\n";
} elsif (/$group2/) {
print "<META HTTP-EQUIV=REFRESH CONTENT=\"0; URL=$url2\">\n";
} else {
print "Internal error. The authorized group must contain all
members of $group1 and $group2.\n";
}
print <<EOF ;
</body>
</html>
EOF

And that's it! If you have questions about the procedure, please visit NetMAX Support online:

www.netmax.com/support/

3. Let's Hear From You!

We would very much like to hear from you - especially about how you use NetMAX and Linux in your business, and what features we can add to NetMAX to make it better suit your needs. Please contribute your input to the NetMAX Forum at:

www.netmax.com/cgi-bin/ikonboard/ikonboard.cgi

or to our general NetMAX contact form at:

www.netmax.com/partners/contacts.html

Let us know about your likes, dislikes, and general comments. We are especially interested in the features that you would like to see in the forthcoming NetMAX 6.0 release.

Thank you!