RE: SMTP Service in private DMZ OK?

From: Jolyon Wharton (j-wharton_at_epyx.co.uk)
Date: 01/15/04

  • Next message: Thomas Kerbl: "Disable NTLM on W2k"
    Date: Thu, 15 Jan 2004 10:05:38 -0000
    To: "A. Bluecoat" <abluecoat@hotmail.com>, <focus-ms@securityfocus.com>
    
    

    Hello,

    You really need to ensure that it does not become an open relay. Are
    you going to use IIS to do this job? If so then within the SMTP server
    properties -> Relay Restriction setting un tick the option 'Allow all
    computers which successfully athenticate to relay, regardless of the
    list above'. It also an idea to allow it only to relay through
    127.0.0.1. If you have any doubts about relaying then you can check you
    relay host using http://www.ordb.org/

    Regards
    Jolyon Wharton
    Software Development Executive

    -----Original Message-----
    From: A. Bluecoat [mailto:abluecoat@hotmail.com]
    Sent: 13 January 2004 23:14
    To: focus-ms@securityfocus.com
    Subject: SMTP Service in private DMZ OK?

    Hi all,

    What kind of trouble can I get into by installing the SMTP service on a
    W2K
    server in a private DMZ (double hop DMZ)? It'll be used for a web app.
    Can
    it be used as a relay? Is there some way to secure it? The box is
    already
    hardened to live in a DMZ. Thanks for any info.

    _________________________________________________________________
    Get a FREE online virus check for your PC here, from McAfee.
    http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ********************************************************************************************
    This e-mail, including any files transmitted with it, is confidential and intended solely for the individuals to whom it is addressed.
    If you have received this e-mail in error, then please notify the epyx Product Support Team on 08700 11 88 00.
    Although all incoming and outgoing messages are scanned for viruses, epyx Limited (including it's subsidiaries and divisions) will not be held responsible for any damage caused either directly or indirectly from this e-mail or any of it's attachments. 
    Any views expressed in this e-mail are those of the sender and not necessarily that of epyx Limited (including it's subsidiaries and divisions). 
    epyx Limited.
    ********************************************************************************************
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Thomas Kerbl: "Disable NTLM on W2k"