Re: Protecting an Exchange server?

From: Joe Polk (listuser_at_javelinux.com)
Date: 05/14/04

  • Next message: Sanjay K. Patel: "RE: Protecting an Exchange server?"
    To: "Mark G. Spencer" <mspencer@evidentdata.com>, <security-basics@securityfocus.com>
    Date: Fri, 14 May 2004 15:07:43 -0300
    
    

    You actually would want this:

    Internet -> Firewall -> Email gateway -> Exchange

    In this scenerio, a port is opened on the Firewall to the gateway. This, in
    Exchange terms, is called a "smart host" setup. You could easily do this with
    another SMTP server, say like Sendmail on a Linux server, so that all mail
    crosses that server. This has not only the advantage you are looking for, but
    also the ability to use RBL/SBL spam protection and you could even add
    SpamAssassin to it. Of course, you could use an appliance too.

    <<JAV>>

    ---------- Original Message -----------
    From: "Mark G. Spencer" <mspencer@evidentdata.com>
    To: <security-basics@securityfocus.com>
    Sent: Thu, 13 May 2004 10:51:56 -0700
    Subject: Protecting an Exchange server?

    > Hello,
    >
    > I'm wondering if there is any way to locate an Exchange server on my
    > internal network and place some kind of email appliance on our DMZ to
    > actually send and receive email to the world and to the Exchange
    > server on my internal network?
    >
    > Basically, I don't want my Exchange server to be accessible to the
    > world in any way.
    >
    > So ..
    >
    > Internet -> My Email Appliance -> Firewall -> Exchange Server
    >
    > I envision setting up a dedicated route in the firewall between the email
    > appliance out on the Internet and my Exchange server behind the
    > firewall on my local network?
    >
    > Are there any email appliances that can work with Exchange in this way?
    > It's my (limited) understanding that Exchange server can't "pop" to another
    > email server to pull each Exchange users email, so I'm not sure
    > exactly how or if my plan could be put into action.
    >
    > Thanks,
    >
    > Mark
    >
    > ---------------------------------------------------------------------------
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get
    > $545 off any course! All of our class sizes are guaranteed to be 10
    > students or less to facilitate one-on-one interaction with one of
    > our expert instructors. Attend a course taught by an expert
    > instructor with years of in-the-field pen testing experience in our
    > state of the art hacking lab. Master the skills of an Ethical Hacker
    > to better assess the security of your organization. Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > ----------------------------------------------------------------------------
    ------- End of Original Message -------

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------


  • Next message: Sanjay K. Patel: "RE: Protecting an Exchange server?"