Howdy, Quick Question: Does anyone use the MS Exchange Inter-Organization Replication Tool and if so, do they use Port 135 or another way of replicating free/busy info? If you use 135, how do you secure it? Thanks for all replies.

If you are using this tool in the first place, it should be used within a trusted network. Otherwise using it across two organizations, the connection between the two sites should be secured by a something like VPN. Other options would be to do something like an IPSec policy. - Chris

Chris Calderon wrote: If you are using this tool in the first place, it should be used within a trusted network. Otherwise using it across two organizations, the connection between the two sites should be secured by a something like VPN. Other options would be to do something like an IPSec policy. - Chris Thanks for your reply Chris! The information we received from an external consultant is the following: We should replicate both Exchange servers (of both parties) in a DMZ and then use the tool. Since we think that this might be overkill we looked into the useage of the tool and came up with a restricted number of ports (3, among which port 135). The 2 servers will only be allowed communication on specific IP addresses so there may be a residual risk of someone internal within either organization spoofing the IP address and creating a DOS-attack. Port useage and IP-security would be controlled by the firewalls. Any comments on this setup ?