Re: SMTP Service in private DMZ OK?

From: Mike Lyman (mlyman-security_at_comcast.net)
Date: 01/15/04

Next message: Jolyon Wharton: "RE: SMTP Service in private DMZ OK?"

Previous message: Kayne Ian (Softlab): "RE: application whitelisting (was RE: Active Directory Question)"
In reply to: A. Bluecoat: "SMTP Service in private DMZ OK?"
Next in thread: Random Task: "Re: SMTP Service in private DMZ OK?"
Reply: Random Task: "Re: SMTP Service in private DMZ OK?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-ms@securityfocus.com
Date: Wed, 14 Jan 2004 17:23:34 -0600

On Tue, 2004-01-13 at 17:14, A. Bluecoat wrote:
> What kind of trouble can I get into by installing the SMTP service on a W2K
> server in a private DMZ (double hop DMZ)? It'll be used for a web app. Can
> it be used as a relay? Is there some way to secure it? The box is already
> hardened to live in a DMZ. Thanks for any info.

If you are talking about Window 2000 and beyond, it's locked down
against relaying by default.

I don't recall any SMTP service issues in the past but making sure
you're up to date won't hurt.

This is a pretty robust service. Exchange does not replace with its own
when you install Exchange. It uses the one that comes with Windows 2000.

-- 
Mike Lyman <mlyman-security@comcast.net>
---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Jolyon Wharton: "RE: SMTP Service in private DMZ OK?"

Previous message: Kayne Ian (Softlab): "RE: application whitelisting (was RE: Active Directory Question)"
In reply to: A. Bluecoat: "SMTP Service in private DMZ OK?"
Next in thread: Random Task: "Re: SMTP Service in private DMZ OK?"
Reply: Random Task: "Re: SMTP Service in private DMZ OK?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]