Access GW without VPN

Hello,

does anyone have a good idea for this problem:
Our CEO wants access to his e-mail from everywhere with his MacBook. But ... he doesn't want to start a VPN tunnel first (with VPN everything is working).
We tested TouchDown via ActiveSync and Mobility Service, this worked well, but this client seems to be too "simple" for him.

On the other hand, I don't want to open our firewall for direct access via IMAP.

I am at my wits' end.... :-(

Regards
Heiko

  • On 11.03.2014 16:16, heikoehberger wrote:
    >
    > Hello,
    >
    > does anyone have a good idea for this problem:
    > Our CEO wants access to his e-mail from everywhere with his MacBook. But
    > ... he doesn't want to start a VPN tunnel first (with VPN everything is
    > working).
    > We tested TouchDown via ActiveSync and Mobility Service, this worked
    > well, but this client seems to be too "simple" for him.
    >
    > On the other hand, I don't want to open our firewall for direct access via
    > IMAP.


    Well, we do our best, but miracles still take a while. ;)

    Although of course I wouldn't use IMAP. Most customers I know simply
    open up the POA port to the outside, with or without added SSL.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • In article <KXFTu.5956$8g7.4071@novprvlin0913.provo.novell.com>,
    Massimo Rosen wrote:
    > Although of course I wouldn't use IMAP. Most customers I know simply
    > open up the POA port to the outside, with or without added SSL.
    >

    Why not IMAP?

    Another note: you can and probably should allow only specific
    users for IMAP and/or POP within GWIA's "Class of Service".
    It is almost worth setting up a separate GWIA just to properly handle
    authenticated SMTP on a port other than 25, which is usually blocked by
    home ISPs to combat the spambots. Port 587 is a standard for this:
    http://tools.ietf.org/html/rfc6409


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!

  • On 11.03.2014 18:05, Andy Konecny wrote:
    > In article <KXFTu.5956$8g7.4071@novprvlin0913.provo.novell.com>,
    > Massimo Rosen wrote:
    >> Although of course I wouldn't use IMAP. Most customers I know simply
    >> open up the POA port to the outside, with or without added SSL.
    >>

    > Why not IMAP?


    Why IMAP, when he wants the full GroupWise functionality?

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • In article <EkJTu.5984$8g7.1707@novprvlin0913.provo.novell.com>,
    Massimo Rosen wrote:
    > Why IMAP, when he wants the full GroupWise functionality?
    >

    Well for a Mac, what else is there than the very old native clients?
    IMAP is much closer than POP (synced folders and all that) and is what
    I use where I can't use native GroupWise.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya

  • Massimo Rosen wrote:

    > Although of course I wouldn't use IMAP. Most customers I know simply open up
    > the POA port to the outside, with or without added SSL.


    I would suggest this as well. It's a very valid (and secure) method.

    --
    Danita
    Novell Knowledge Partner
    Are you a GroupWise Power Administrator? Join our site.
    http://www.caledonia.net/register

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • He definitely wants to use the Mail.app from Mavericks. :-(
    He did not use any GroupWise clients.
    So it looks like I can only open the IMAP port with the additional restrictions in GWIA that Andy mentioned.
    ...I have mixed feelings about that ... :-(
    But thank you for all your statements.

    By the way, he always argues that all other companies are working in this way (mail everywhere without VPN), and if they all use Exchange, that this works?
    I have less knowledge about EWP and Exchange, but I am sure some of you know more about the general behaviour of other midsize companies!? How are they working?

    Regards

    Heiko
  • heikoehberger wrote:

    >
    > He definitely wants to use the Mail.app from Mavericks. :-(
    > He did not use any GroupWise clients.
    > So it looks like I can only open the IMAP port with the
    > additional restrictions in GWIA that Andy mentioned.
    > ...I have mixed feelings about that ... :-(
    > But thank you for all your statements.
    >
    > By the way, he always argues that all other companies are working in
    > this way (mail everywhere without VPN), and if they all use Exchange,
    > that this works?
    > I have less knowledge about EWP and Exchange, but I am sure some of
    > you know more about the general behaviour of other midsize companies!?


    It doesn't matter what the backend is. If end users want access to
    their e-mail from outside of the organization but don't want to use a
    VPN, then this means exposing corporate e-mail services to the public
    Internet.

    BTW, back when I used to manage a GW environment, I used this open
    source IMAP proxy for this situation.

    http://www.imapproxy.org/

    This way I didn't have to expose IMAP services in the GWIA or POA
    directly to the Internet. Instead I used the proxy on a SLES server in
    the DMZ, and then that proxy came back into the network to communicate
    with GW.

    --
    Your world is on the move. http://www.novell.com/mobility/
    We know what your world looks like. http://www.novell.com/yourworld/
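
Added example (not part of the thread or any poster's code): once IMAP is reachable from the Internet, whether on GWIA directly or through a DMZ proxy as described above, it is worth checking what the cleartext port offers before TLS is negotiated. This Python check audits a captured greeting or CAPABILITY reply; the function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample captures (not taken from any real server).
WEAK = ["* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] server ready"]
HARDENED = ["* OK server ready",
            "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"]

def parse_capabilities(lines):
    """Collect capability atoms from an IMAP greeting and/or CAPABILITY replies."""
    caps = set()
    for line in lines:
        # Greeting form: * OK [CAPABILITY IMAP4rev1 STARTTLS ...] text
        m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
        if not m:
            # Untagged reply form: * CAPABILITY IMAP4rev1 STARTTLS ...
            m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def audit_plaintext_port(lines):
    """Return findings for what the server offers on port 143 before STARTTLS."""
    caps = parse_capabilities(lines)
    if not caps:
        # Some servers only list capabilities after an explicit CAPABILITY command.
        return ["no capability data seen; cannot assess"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: sessions on this port stay cleartext")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED missing: LOGIN is accepted before TLS")
    # AUTH=PLAIN / AUTH=LOGIN carry the password unprotected without TLS.
    weak = sorted(c[5:] for c in caps if c in ("AUTH=PLAIN", "AUTH=LOGIN"))
    if weak:
        findings.append("cleartext SASL offered before TLS: " + ",".join(weak))
    return findings

if __name__ == "__main__":
    for name, capture in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_plaintext_port(capture) or "ok")
```

An empty result means the cleartext port forces clients to upgrade to TLS before sending credentials; run it against the capture taken from outside the firewall, since that is the view an Internet client gets.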
  • "Joseph Marton" wrote:


    > BTW, back when I used to manage a GW environment, I used this open source IMAP
    > proxy for this situation.
    >
    > http://www.imapproxy.org/


    That's a nice little option. As a Mac user I too use IMAP, so I might look at
    it - if I ever finish the GW 2014 Upgrade Guide and can find a spare moment ;-)

    --
    Danita
    Novell Knowledge Partner
    Are you a GroupWise Power Administrator? Join our site.
    http://www.caledonia.net/register

  • DZanre wrote:

    > That's a nice little option. As a Mac user I too use IMAP, so I
    > might look at it - if I ever finish the GW 2014 Upgrade Guide and can
    > find a spare moment ;-)


    Well if you're thinking you'll do it when you get a round to it....

    http://upload.wikimedia.org/wikipedia/commons/9/93/RoundTuit.jpg

    --
    Your world is on the move. http://www.novell.com/mobility/
    We know what your world looks like. http://www.novell.com/yourworld/
  • In article <heikoehberger.6auu5z@no-mx.forums.novell.com>, Heikoehberger
    wrote:
    > By the way, he always argues that all other companies are working in
    > this way (mail everywhere without VPN), and if they all use Exchange,
    > that this works?
    >

    Just because others (of the flock) are doing things a particular way
    doesn't make it a Best Practice or even a Good Thing. I try not to make
    'baaaa' sounds (of bleating sheep) at such advocates, as tempting as that
    is. Makes one wish the sounds Lemmings make were more well known.
    So many people don't want the personal cost of doing things securely,
    until they've been hit personally. <Sigh>


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya