Help setting up a small office network

Status
Not open for further replies.

davids

Hi all. I have a small office network to set up but I'm not TOTALLY sure how to go about it! I was hoping to iron out a few points on here.

As I'm sure you'll ask for the details, here is the current setup:

4 computers running XP Pro, networked together as a workgroup.

I am planning to install a server and create a domain.

The part where I am getting stuck is the email.

Basically, they all need email access. Now I'm wondering: should I just set everyone up with Outlook, or should I set up Exchange Server? Is Exchange Server useful in this situation or not?

If anyone could give me some help I would greatly appreciate it.

Dave
 
Truthfully, in your situation I would just set up Outlook and forget Exchange. It will save you money and resources.
 
Outlook has some nice features (calendar, tasks, contacts), but I strongly advise
you opt for a 3rd party email client (e.g. Thunderbird). MS Outlook and Outlook
Express are so tightly coupled to the OS that they have too many security issues and
expose your users to having the address book ripped off.
 
I agree with TypeX45; however, I would suggest you use a mail client such as Thunderbird. It is much more secure and user friendly; it would be my personal choice any day and I've converted a lot of people to using it.

And that sounds like a nice little setup you've got going. Good work :)
 
Thanks all. I sort of understand where you're coming from with Outlook having security issues; however, I may stick with it for now, purely because networking is so new to me that I don't want to create any extra elements that might cause trouble.

TypeX45,
The customer wants to monitor all the emails flowing through the office. How could I best do this if I am setting up Outlook on each machine? Would creating message rules be the easiest way? And can I easily lock down Outlook so that the settings can't be changed?


Thanks for your help everyone.
 
davids said:
The customer wants to monitor all the emails flowing through the office. How could I best do this if I am setting up Outlook on each machine?
You will need a central point to monitor the email. Record keeping requirements
make this an ever important consideration. Solutions include:
1) an email proxy server between the users and the real POP3/SMTP service
2) an Exchange Server (assuming MS environment)

The 'client' should publish a policy on email usage and openly disclose that all
email to/from the office systems is monitored for business reasons.
 
jobeard.

Thanks for the advice. If you have the time, would you explain how I should go about creating a proxy server?

I will be using an MS environment. Do I need Exchange to create an email proxy, or can I do it another way?

Thanks in advance.

Dave
 
The concept of a proxy is shown in the attachment. Usually, there is a unique
proxy for each service being controlled, due to the unique requirements of the
monitoring. E.g. web browsers need only user + URL accessed, while email may be
as extensive as timestamp, sender, to-list, cc-list, bcc-list, subject, body of msg.

Strictly speaking, LAN segment B does not need to be unique from A, but then
that allows any client to bypass the proxy and get straight to the internet :(

Suggest you look (Google) for a commercial email proxy product, as they will
include the logging facility you need.
 

Attachments

  • Proxy Topology.jpg
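
An added example, not part of the original thread: building the log record described above (timestamp, sender, to-list, cc-list, bcc-list, subject) from the SMTP envelope and the message headers, with Bcc derived as envelope recipients that appear in neither To nor Cc. The function names, addresses and sample message are constructed for illustration.

```python
"""Audit record an SMTP monitoring proxy could log for one message.
Added illustration: function names and the sample message are constructed."""
from email import message_from_bytes, policy
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message (headers as they travel in the SMTP DATA phase).
SAMPLE = (
    b"From: Alice <alice@office.example>\r\n"
    b"To: bob@partner.example\r\n"
    b"Cc: Carol <carol@office.example>\r\n"
    b"Subject: Q3 invoice\r\n"
    b"Date: Tue, 04 Mar 2008 09:15:00 +0000\r\n"
    b"\r\n"
    b"Invoice attached.\r\n"
)
SAMPLE_RCPTS = ["bob@partner.example", "carol@office.example",
                "dave@personal.example"]  # constructed RCPT TO list


def _addresses(msg, header):
    """Sorted, lower-cased addresses from every occurrence of a header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return sorted({addr.lower() for _, addr in getaddresses(values) if addr})


def audit_record(mail_from, rcpt_to, raw_message):
    """Combine the SMTP envelope (MAIL FROM / RCPT TO) with parsed headers."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    to_list, cc_list = _addresses(msg, "To"), _addresses(msg, "Cc")
    header_from = _addresses(msg, "From")
    try:
        timestamp = parsedate_to_datetime(str(msg["Date"])).isoformat()
    except (TypeError, ValueError):
        timestamp = None  # missing or malformed Date header
    visible = set(to_list) | set(cc_list)
    return {
        "timestamp": timestamp,
        "envelope_sender": mail_from.lower(),
        "header_from": header_from,
        # True when the From: header does not match the envelope sender.
        "sender_mismatch": mail_from.lower() not in header_from,
        "to": to_list,
        "cc": cc_list,
        # Bcc is absent from the headers; only the envelope reveals it.
        "bcc": sorted({r.lower() for r in rcpt_to} - visible),
        "subject": str(msg["Subject"] or ""),
    }
```
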
Thanks Jobeard. I think I understand the diagram. So basically, every client has to go through the proxy server to get to the internet. I think that is more along the lines of what I had initially thought was the way to go; however, I had sort of decided on having direct access to the internet (through a firewall obviously), but it was really just the mail I wanted to have coming through the server. Is this possible?

I have been researching it further today, and I have figured out/assumed that I need a fixed IP on the server, and a public domain name, and then I need to set the server up as the actual email server (for example the POP email server). Is that right?

I also have another basic question: if I get a fixed IP address, that will be assigned to the WAN port on the router, right? And that being the case, can I still keep the same private IP addresses on the server and workstations? And if so, when packets come in from the internet (with the public IP as their destination), how will they find their way to the right computer?

Hope this makes sense Jobeard

Thanks again for the help

Dave.
 
davids said:
Thanks Jobeard. I think I understand the diagram. So basically, every client has to go through the proxy server to get to the internet. I think that is more along the lines of what I had initially thought was the way to go; however, I had sort of decided on having direct access to the internet (through a firewall obviously), but it was really just the mail I wanted to have coming through the server. Is this possible?
Yes-no.
You can set up the email as the only proxy BUT, if all else goes directly to the
gateway, then your only hope to enforce the usage of the proxy is to lock down
the email client settings. You can still use the diagram and the A/B LAN segments
by just having the email ports (25, 110) forward to the proxy machine and
the default forward to the last firewall.

I have been researching it further today, and I have figured out/assumed that I need a fixed IP on the server, and a public domain name, and then I need to set the server up as the actual email server (for example the POP email server). Is that right?
Yes. This gives you FULL control
by setting up the POP3 and SMTP servers. You may be able to configure the
monitoring directly in each of them.

I also have another basic question: if I get a fixed IP address, that will be assigned to the WAN port on the router, right? And that being the case, can I still keep the same private IP addresses on the server and workstations? And if so, when packets come in from the internet (with the public IP as their destination), how will they find their way to the right computer?
If you need a fixed (static) IP, you will get it attached to the port
that accesses your ISP; usually your modem. The modem attaches to a router,
giving you NAT support (off the LAN ports) and the gateway to the Internet on its WAN port.
 
Thanks Jobeard, I appreciate the help.

I'm going to TRY and set up a test machine over the next few days, and hopefully get the email going, so I will post back here with the results, and maybe have a stab at setting up the internet proxy as well. Can that be achieved using features available in Server 2003? And is it easy to go about?

I will post back again when I have the email gateway running.

Thanks again

Dave
 
Hi again all.

Hope you'll get this message despite the thread being a few days old.

I am still messing around with this network setup. Basically I am trying to get remote desktop connection working, as a practice in port forwarding:

I have set up a rule on my D-Link router to forward port 3389 to my LAN 192.168.1.3 (the computer I want to remotely connect to).

Then I tried remotely connecting (using the WAN IP address) from a computer outside the network, but it doesn't work.

Any ideas what I'm doing wrong? Incidentally, I tried it the other way round and it worked OK...

Thanks in advance
 
davids said:
Hi again all.

Hope you'll get this message despite the thread being a few days old.

I am still messing around with this network setup. Basically I am trying to get remote desktop connection working, as a practice in port forwarding:

I have set up a rule on my D-Link router to forward port 3389 to my LAN 192.168.1.3 (the computer I want to remotely connect to).

Then I tried remotely connecting (using the WAN IP address) from a computer outside the network, but it doesn't work.

Any ideas what I'm doing wrong? Incidentally, I tried it the other way round and it worked OK...

Thanks in advance


The best thing you could do is set up a local domain instead of a workgroup. I've done this here at home to match what I do at work in corporate America.

What you could do right now is take the ISP IP address you have and make it a dyndns.org account. This process is free, and what would happen is that you would have something like this:

david.homeip.net:5800

I say port 5800 should be open, and install Ultra VNC on the PC you want to connect to via remote location. This will work; I do it many times.

Ultra VNC is freeware.
dyndns is free for one ISP IP address; it makes your IP 33.33.33.33 into a web address name.

The first thing you need to do is set up a free account with dyndns.org. The instructions are on that site also. You'll need to run a program that will keep your IP address current for what your ISP gives you. The program, the "dyndns updater", is also free; what it does is keep the IP address updated. Now your D-Link router might have this feature in there already, but you have to check it out.

Next is to install Ultra VNC; it comes in two parts, client and server. Once you install it, reboot the PC.

Install it on a remote PC also. There is info about doing this on that site for Ultra VNC.

For the other problem you first posted, I would get MS Windows Server 2003 for Small Business Premium, which has MS Outlook 2003 Web, MS Exchange 2003 and everything else you need. This is if you want to spend the money for it though. I would stick to your workgroup for now.
 
davids said:
I have set up a rule on my D-Link router to forward port 3389 to my LAN 192.168.1.3 (the computer I want to remotely connect to).

Then I tried remotely connecting (using the WAN IP address) from a computer outside the network, but it doesn't work.
You need a firewall rule on the 192.168.1.3 machine that
allows in/out TCP from X port 3389.
X is either ANY machine or a specific IP address.
 