Publishing Exchange Outlook Web Access Securely
One of the most common questions I am asked is how to securely put an Exchange 2000 or 2003 Outlook Web Access (OWA) server on to the Internet.
Microsoft has published a guide for using Front-End / Back-End servers called the Exchange Server 2003 and Exchange 2000 Server Front-End and Back-End Topology whitepaper.
In this document, you will also find more information about using a reverse proxy server such as Microsoft's ISA Server. This is the most secure way to publish OWA to the Internet, since it helps to completely obscure Windows Internet Information Server (IIS) from hostile attacks. If you do decide to use the ISA server approach, see Dr. Thomas Shinder's whitepapers and book on setting up ISA server. He has a tutorial in his ISA / Exchange deployment documents that is very helpful.