Re: Protecting an Exchange server?
From: Joe Polk (listuser_at_javelinux.com)
Date: 05/14/04
- Previous message: Paul Kurczaba: "Re: NTLMv2 on RAS"
- In reply to: Mark G. Spencer: "Protecting an Exchange server?"
- Next in thread: Sanjay K. Patel: "RE: Protecting an Exchange server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Mark G. Spencer" <mspencer@evidentdata.com>, <security-basics@securityfocus.com> Date: Fri, 14 May 2004 15:07:43 -0300
You actually would want this:
Internet -> Firewall -> Email gateway -> Exchange
In this scenerio, a port is opened on the Firewall to the gateway. This, in
Exchange terms, is called a "smart host" setup. You could easily do this with
another SMTP server, say like Sendmail on a Linux server, so that all mail
crosses that server. This has not only the advantage you are looking for, but
also the ability to use RBL/SBL spam protection and you could even add
SpamAssassin to it. Of course, you could use an appliance too.
<<JAV>>
---------- Original Message -----------
From: "Mark G. Spencer" <mspencer@evidentdata.com>
To: <security-basics@securityfocus.com>
Sent: Thu, 13 May 2004 10:51:56 -0700
Subject: Protecting an Exchange server?
> Hello,
>
> I'm wondering if there is any way to locate an Exchange server on my
> internal network and place some kind of email appliance on our DMZ to
> actually send and receive email to the world and to the Exchange
> server on my internal network?
>
> Basically, I don't want my Exchange server to be accessible to the
> world in any way.
>
> So ..
>
> Internet -> My Email Appliance -> Firewall -> Exchange Server
>
> I envision setting up a dedicated route in the firewall between the email
> appliance out on the Internet and my Exchange server behind the
> firewall on my local network?
>
> Are there any email appliances that can work with Exchange in this way?
> It's my (limited) understanding that Exchange server can't "pop" to another
> email server to pull each Exchange users email, so I'm not sure
> exactly how or if my plan could be put into action.
>
> Thanks,
>
> Mark
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get
> $545 off any course! All of our class sizes are guaranteed to be 10
> students or less to facilitate one-on-one interaction with one of
> our expert instructors. Attend a course taught by an expert
> instructor with years of in-the-field pen testing experience in our
> state of the art hacking lab. Master the skills of an Ethical Hacker
> to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
------- End of Original Message -------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: Paul Kurczaba: "Re: NTLMv2 on RAS"
- In reply to: Mark G. Spencer: "Protecting an Exchange server?"
- Next in thread: Sanjay K. Patel: "RE: Protecting an Exchange server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
