This book is stock full of potent tidbits that are darn hard to find anywhere; I know because I was scavenging the net, MS articles, several books, etc. for eons and I couldn't find any adequate material that can help me secure Exchange 2k3. Thus far, thanks to this book, I was able encrypt IMAP, POP, and OWA (Outlook Web Access) traffic. I am still working on the RPC over HTTP bit, but definitely a lot further along in the process thanks to this book.
Though despite my delight with the book, there are some short-comings that I would like to highlight:
- no coverage of client configuration
- no mention of secure ports used (non-obvious to us newbies)
- no mention how to get rid of pesky Un-trusted cert message in Outlook
- public folders no longer accessible after turning on SSL/TLS (IMAP only issue as POP cannot access folders in general)
- no mention of SPA for IMAP/POP and Exchange 2k3 setup (maybe not possible)
- works like a charm, but should mention that port 443 needs to be opened on the firewall if applicable (though this is a no-brainer)
RPC over HTTP configuration
- instructions not completely applicable to Exchange 2k3 SP1 as this portion is now integrated into Exchange UI, rather than IIS
- mention of configuring RPC ports for GC, DS, Store is for "multiserver Exchange environment" according to authors. However, MS's "Exchange Server 2003 RPC over HTTP Deployment Scenarios" has this as a requirement for single server setup.
- think the Exchange UI interface lies to me, as spammers having field day; couldn't readily discern how to open outbound up for a list of users, and open inbound to list of users. :-)
- What is Authenticated Users group. In practice, this seems to be everyone.
IMF spam filter
- book is outdated as IMF is now free for all to enjoy, not just SA members
I looked at the electronic support site for any updates, and there was nothing. The support site is abysmal, bad URLs, little author participation, no updates, etc.
Overall, great book, despite any faults, this book is so resourceful and accurate and doesn't have fluff that many computer books have these days.
My one wish there could be a another updated version (PDF book :) available to users that bought it. Hey, I can wish can't I!!