Re: Exchange question
From: stefmit (stefmit_at_comcast.net)
Date: 11/15/03
- Previous message: Thor: "Re: New Microsoft Exchange Server Vulnerability"
- In reply to: Tom Burns: "Exchange question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-ms@securityfocus.com Date: Sat, 15 Nov 2003 11:43:37 -0600
I would think of this being a common practice, actually. For instance: we have
a few servers in the DMZ: some as MX records for the domain, running just
Antivirus software, forwarding to a second "mail server layer" running
Praetor for email filtering, then this one forwarding "inside" to a
centralized MSExchange server, which handles email-mailboxes for the LAN it
is servicing ("local" Outlook clients), and distributing also the incoming
external email to remote MSExchange servers on other LANs (via its
proprietary connectors this time, not SMTP), throughout the world. So - in a
sense - the inbound is multi-layer up to a central "hub", then distributed to
remotes via non-SMTP mechanisms.
Outbound - all remote MSExchange servers deliver through SMTP servers placed
in various locations, on their DMZ's (more of a regional consolidation of
outbound SMTPs, i.e. Asia, Europe, US, etc.), so yet another multi-layered
(continent-hub-and-spoke, if you will) system.
For various intensive tasks (e.g. updates of data/information for customers,
consisting of possibly tens or hundreds of thousands of emails at once) we
have other mail servers, strictly specialized for these tasks (so that they
won't slow down the MSExchange->regular outbound SMTP servers).
If it matters to you: the software for all SMTP servers used to be Sendmail,
running either on MS Windows or Linux machines, but we are in the process of
migrating them now to Linux only, running Postfix (much cleaner configuration
and ease of use, plus higher ratio performance/hardware configuration).
HTH,
Stef
On Friday 14 November 2003 07:56 am, Tom Burns wrote:
> Thanks to everyone for the help on my SMTP issue.
>
> One thing that was brought up is that NDR's can be used to relay (the
> spammer uses NDR's to forward the message content by using the mail
> from: email@address.com) I think that we will be seeing more of this
> type of relaying going on- it sends a message back to the address in the
> from block.
>
> Anyone setup a double SMTP setup in there network? Ie. exchange only
> receives messages from the 2nd SMTP that is out on the net and the 2nd
> server relays the message internally from the outside?
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ms_031027
and use priority code SF4.
---------------------------------------------------------------------------
- Previous message: Thor: "Re: New Microsoft Exchange Server Vulnerability"
- In reply to: Tom Burns: "Exchange question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
