Hi All.

I'm a new Astaro user and am loving it so far.
I would like to know if there's a step by step guide on setting up OWA and OA so I can publish it to the outside world.

I currently have this in place on an ISA server but am not sure where to start with the Astaro appliance.

Appreciate any advice that you guys (and gals) can provide

The 'Hostname' of the Astaro should be the FQDN that resolves to the IP of the external interface of your Astaro. Our standard is: mail.domainname.com.

Put an additional address on the external interface named, for example: Outlook. Have a new DNS record created that points to it. Our standard is: outlook.domainname.com.

Create a DNAT rule:

Traffic Source: Any
Traffic Service: HTTPS
Traffic Destination: Outlook (Address)
NAT mode: DNAT (Destination)
Destination: [Host definition of OWA/OMA server]
Destination Service: [leave blank]
Automatic packet filter rule: checked

Create a DNS entry either in your internal DNS server or on the 'Static Entries' tab of 'DNS' in the Astaro: 'outlook.domainname.com->[Host definition of OWA/OMA server]'. Now you can access OWA from inside or outside with: https://outlook.domainname.com/

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

Thanks Bob
I'll give this a go this evening when I'm home to see if it'll work

digging up an old thread here.
I'm doing the same thing, using outlook anywhere for external users to connect (instead of using a VPN).
Only problem is, i'm using the daily spam report but users can't release the mails because the spam report uses the internal ip address.
How would I solve this?

On the 'Advanced' tab, use a hostname of the FQDN of the Astaro's External interface; in the example above, that was mail.domainname.com.

Then, in your internal DNS create a forward lookup zone for domainname.com and add an A-record for mail (per our example) pointing to the IP of Internal (Address). Alternatively, if your users can get DNS from the Astaro, you can create a static entry in the Astaro DNS Proxy.

Now, inside the network, the FQDN resolves to "Internal (Address)" and outside the Astaro, public nameservers resolve it to "External (Address)."

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

thanks Bob. I'm on V6, but I found what you meant in the proxy content manager.
I assume I need to open port 3840 on the astaro as well?
Also, I now only allow spam release requests from the eth0 network. Do I need to add 'any'?

I'm not sure I entirely understand what you mean.

The url's now are in the form of
http://192.168.100.254:3840/release....0dL-K6&s=10804,
192.168.100.254 is the internal IP of my astaro box.
192.168.100.170 is the internal IP of my mail server.
My FQDN is mail.domain.com which points to my public IP.
So I now use the hostname of mail.domain.com for my spam release mails.
I'll get mails in the form of
http://mail.domain.com:3840/release....0dL-K6&s=10804
I then make a forward lookup zone with A-record for mail.domain.com that I point to 192.168.100.254, correct?

Now, that wouldn't that pose a problem for OWA users? They now use https://mail.domain.com/exchange to connect to my OWA server.
When a user would do that inside my internal network, that would no longer work since he would be pointing to the astaro box at https://192.168.100.254/exchange and no longer to the mail server on https://192.168.100.170/exchange , no?

That is correct.

This approach works when you follow the instructions in post #2 above, resulting in your users going to https://outlook.domain.com/exchange. You need an additional A record for that that points to .100.170.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

thanks, that makes sense. I totally overlooked that earlier. Thanks again.

One last thing
My users are already used to the mail.domain.com/exchange so I'd rather not have them switch.
I suppose there is no objection to name my astaro box something.domain.com, as long as that subdomain exists in public dns?
That way I would use something.domain.com as hostname to release the spam mails and it would allow me to keep mail.domain.com pointing to my internal mailserver.

Conceptually, your MX record should point at the primary IP on the External interface, and OWA accesses should go over an 'Additional Address'. There are other complications you will run into as you grow with the Astaro if you don't get that basic thing right - Enduser Portal and VPN among them.

I can see two possible solutions from this point, and the choice depends on which you think would have the least impact on users in your situation:

1. This probaly is best if the users have no other programs that depend on resolving mail.domain.com to the primary address on your External interface.

• Create a new DNS A record "post.domain.com" which also points at the primary address on your Astaro's External interface.
• Create a new MX record pointing to post.domain.com with a higher priority (lower number) than your current MX record.
• Once that has propagated around the world (What's My DNS? Global DNS Propagation Checker), put an 'Additional Address' on the Astaro and create the DNAT as in post #2 above. Now, change your DNS record for mail.domain.com to point at this new IP.
• Once that change has propagated, you can delete the DNAT you originally had for "External (Address)" and make the appropriate changes in your local DNS.

2. Use the approach as in #2 and #7, and ask your users to change to https://Outlook.domain.com/exchange/

In both cases, you finish by deleting the current NAT rule you have that captures all HTTPS traffic aimed at the primary IP address on your External interface. That will allow you easily to setup the End User Portal (lets the users manage their own email whitelists!) and an SSL VPN when you're ready.

Cheers - Bob

__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!