RE: E-Mail gateway on IIS.
From: Timothy Whisnant (TimothyWhisnant_at_MCBS.com)
Date: 06/13/05
- Previous message: Mario Platt: "Re: RunAs"
- Maybe in reply to: Jitendra Kalyankar: "E-Mail gateway on IIS."
- Next in thread: Meni Milstein: "RE: E-Mail gateway on IIS."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Jitendra Kalyankar <jitendra.kalyankar@gmail.com>, "focus-ms@securityfocus.com" <focus-ms@securityfocus.com> Date: Mon, 13 Jun 2005 11:12:25 -0400
I would recommend using separate servers for email and web publishing (if
the company budget is there). If the webserver is compromised, then email
services are still available (vice-versa).
Since I'm guessing that the webserver is visible to the public, it is highly
open to attack. It is a matter of the traffic that is allowed to pass to
each machine (I'm hoping that it is firewalled in some way). Since you would
have more ports open for these services (http, maybe ssl and various email),
you are allowing more avenues of attack. If you only allow certain traffic
to reach these machines, then you are reducing the list of vulnerabilities.
However, if you are comfortable with your deployment of the email server/web
server, lock down ports/services on the machine, audit the event logs and
let it go. Time will tell.
Sincerely,
Timothy Whisnant
E-mail: timothywhisnant_AT_mcbs.com
-----Original Message-----
From: Jitendra Kalyankar [mailto:jitendra.kalyankar@gmail.com]
Sent: Monday, June 13, 2005 7:27 AM
To: focus-ms@securityfocus.com
Subject: E-Mail gateway on IIS.
MS Gurus -
I have on question about the e-mail gateway. I am working with this company
where company has webserver as well as E-Mail gateway on the same server.
Let me know if this will create any security risks. In other words is it
recommanded that you need to have seperate webserver and e-mail gateway
servers.
Any inputs on this are highly appreciated.
-- Thanks, Jitendra Kalyankar --------------------------------------------------------------------------- --------------------------------------------------------------------------- [This e-mail message and any attached files are confidential and are intended solely for the use of the addressee(s) named above. This communication may contain material protected by attorney-client, work product, or other privileges. If you are not the intended recipient or person responsible for delivering this confidential communication to the intended recipient, you have received this communication in error, and any review, use, dissemination, forwarding, printing, copying, or other distribution of this e-mail message and any attached files is strictly prohibited. If you have received this confidential communication in error, please notify the sender immediately by reply e-mail message and permanently delete the original message. If you are unable to reach a recipient at this email domain (mcbs.com or brownrad.com) please contact a member of the Computer Support team by calling MCBS, LLC. at (706)-737-4575 or (800)-774-4575 or emailing support@mcbs.com.] --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Mario Platt: "Re: RunAs"
- Maybe in reply to: Jitendra Kalyankar: "E-Mail gateway on IIS."
- Next in thread: Meni Milstein: "RE: E-Mail gateway on IIS."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
