RE: Protecting an Exchange server?
From: Depp, Dennis M. (deppdm_at_ornl.gov)
Date: 05/15/04
- Previous message: VNV Jeep: "Reasons for blocking webmail access in the workplace..."
- Maybe in reply to: bob martin: "Protecting an Exchange server?"
- Next in thread: Peter Mueller: "RE: Protecting an Exchange server?"
Date: Fri, 14 May 2004 18:52:55 -0400
To: Joe Polk <listuser@javelinux.com>, "Mark G. Spencer" <mspencer@evidentdata.com>, security-basics@securityfocus.com
Joe,
I think Mark had it correct the first time. It is not a good practice
to allow traffic from the internet to go directly to your internal
network. Having an intermediary in front of the firewall is the best
bet. Of course a better solution would be to have two firewalls. One
to protect your email gateway from the internet and the other to protect
your internal network.
Denny
-----Original Message-----
From: Joe Polk [mailto:listuser@javelinux.com]
Sent: Friday, May 14, 2004 2:08 PM
To: Mark G. Spencer; security-basics@securityfocus.com
Subject: Re: Protecting an Exchange server?
You actually would want this:
Internet -> Firewall -> Email gateway -> Exchange
In this scenario, a port is opened on the Firewall to the gateway. This,
in Exchange terms, is called a "smart host" setup. You could easily do
this with another SMTP server, say like Sendmail on a Linux server, so
that all mail crosses that server. This has not only the advantage you
are looking for, but also the ability to use RBL/SBL spam protection and
you could even add SpamAssassin to it. Of course, you could use an
appliance too.
<<JAV>>
---------- Original Message -----------
From: "Mark G. Spencer" <mspencer@evidentdata.com>
To: <security-basics@securityfocus.com>
Sent: Thu, 13 May 2004 10:51:56 -0700
Subject: Protecting an Exchange server?
> Hello,
>
> I'm wondering if there is any way to locate an Exchange server on my
> internal network and place some kind of email appliance on our DMZ to
> actually send and receive email to the world and to the Exchange
> server on my internal network?
>
> Basically, I don't want my Exchange server to be accessible to the
> world in any way.
>
> So ..
>
> Internet -> My Email Appliance -> Firewall -> Exchange Server
>
> I envision setting up a dedicated route in the firewall between the
> email appliance out on the Internet and my Exchange server behind the
> firewall on my local network?
>
> Are there any email appliances that can work with Exchange in this way?
> It's my (limited) understanding that Exchange server can't "pop" to
> another email server to pull each Exchange users email, so I'm not
> sure exactly how or if my plan could be put into action.
>
> Thanks,
>
> Mark
>
------- End of Original Message -------
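Added example, not part of any message in this thread: a small Python audit of firewall "allow" rules against the relay-only design discussed above, where the internet may reach only the mail gateway and only the gateway may reach Exchange on SMTP. The addresses, the DMZ segment, the Rule tuple and the audit() function are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing (assumptions, not taken from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")    # LAN that holds Exchange
DMZ = ipaddress.ip_network("192.0.2.0/28")        # segment between the firewalls
GATEWAY = ipaddress.ip_network("192.0.2.5/32")    # SMTP relay ("smart host")
EXCHANGE = ipaddress.ip_network("10.0.0.10/32")

# One "allow" rule; anything not listed is assumed to be denied.
Rule = namedtuple("Rule", "src dst port")

def audit(rules):
    """Return (finding, rule) pairs for rules that break the relay-only design."""
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        if not dst.overlaps(INTERNAL) or src.subnet_of(INTERNAL):
            continue  # only traffic entering the internal LAN is in scope
        if not src.subnet_of(DMZ):
            # Source is not confined to the DMZ, so outside hosts get in directly.
            findings.append(("internet-to-internal", r))
        elif (src, dst, r.port) != (GATEWAY, EXCHANGE, 25):
            # DMZ traffic is allowed in, but wider than gateway -> Exchange:25.
            findings.append(("dmz-rule-too-wide", r))
    return findings

# Constructed rule sets.
DIRECT = [Rule("0.0.0.0/0", "10.0.0.10/32", 25)]        # port opened straight to Exchange
TWO_FIREWALLS = [
    Rule("0.0.0.0/0", "192.0.2.5/32", 25),              # outer firewall: internet -> gateway
    Rule("192.0.2.5/32", "10.0.0.10/32", 25),           # inner firewall: gateway -> Exchange
    Rule("10.0.0.10/32", "192.0.2.5/32", 25),           # outbound mail via the smart host
]
SLOPPY = [
    Rule("0.0.0.0/0", "192.0.2.5/32", 25),
    Rule("192.0.2.0/28", "10.0.0.0/24", 25),            # whole DMZ -> whole LAN
]

if __name__ == "__main__":
    for name, rules in (("direct", DIRECT), ("two firewalls", TWO_FIREWALLS),
                        ("sloppy", SLOPPY)):
        print(name, audit(rules) or "ok")
```
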