RE: SMTP Service in private DMZ OK?
From: Jolyon Wharton (j-wharton_at_epyx.co.uk)
Date: 01/15/04
- Previous message: Mike Lyman: "Re: SMTP Service in private DMZ OK?"
- Maybe in reply to: A. Bluecoat: "SMTP Service in private DMZ OK?"
- Next in thread: H Carvey: "Re: SMTP Service in private DMZ OK?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 15 Jan 2004 10:05:38 -0000 To: "A. Bluecoat" <abluecoat@hotmail.com>, <focus-ms@securityfocus.com>
Hello,
You really need to ensure that it does not become an open relay. Are
you going to use IIS to do this job? If so then within the SMTP server
properties -> Relay Restriction setting un tick the option 'Allow all
computers which successfully athenticate to relay, regardless of the
list above'. It also an idea to allow it only to relay through
127.0.0.1. If you have any doubts about relaying then you can check you
relay host using http://www.ordb.org/
Regards
Jolyon Wharton
Software Development Executive
-----Original Message-----
From: A. Bluecoat [mailto:abluecoat@hotmail.com]
Sent: 13 January 2004 23:14
To: focus-ms@securityfocus.com
Subject: SMTP Service in private DMZ OK?
Hi all,
What kind of trouble can I get into by installing the SMTP service on a
W2K
server in a private DMZ (double hop DMZ)? It'll be used for a web app.
Can
it be used as a relay? Is there some way to secure it? The box is
already
hardened to live in a DMZ. Thanks for any info.
_________________________________________________________________
Get a FREE online virus check for your PC here, from McAfee.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- ******************************************************************************************** This e-mail, including any files transmitted with it, is confidential and intended solely for the individuals to whom it is addressed. If you have received this e-mail in error, then please notify the epyx Product Support Team on 08700 11 88 00. Although all incoming and outgoing messages are scanned for viruses, epyx Limited (including it's subsidiaries and divisions) will not be held responsible for any damage caused either directly or indirectly from this e-mail or any of it's attachments. Any views expressed in this e-mail are those of the sender and not necessarily that of epyx Limited (including it's subsidiaries and divisions). epyx Limited. ******************************************************************************************** --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Mike Lyman: "Re: SMTP Service in private DMZ OK?"
- Maybe in reply to: A. Bluecoat: "SMTP Service in private DMZ OK?"
- Next in thread: H Carvey: "Re: SMTP Service in private DMZ OK?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
