Thank you for all your replies. I'd like to know whether anyone has tried to use "allow bind_v2" for LDAP authentication with Brightmail, and whether they succeeded.
Thanks, Michael.

"Christopher Jones" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
To: <IMail_Forum@list.ipswitch.com>
cc:
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2
Date: 02/12/2005 06:18
Please reply to: [EMAIL PROTECTED]

We're in IT...I think we're expected to be tired!! Haha

I never had any grey hairs until I started working here...haha

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, 2 December 2005 4:05 PM
To: IMail_Forum@list.ipswitch.com
Subject: Re: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Sorry, dude. Didn't mean to offend. Just tired...

Darin.

----- Original Message -----
From: "Christopher Jones" <[EMAIL PROTECTED]>
To: <IMail_Forum@list.ipswitch.com>
Sent: Thursday, December 01, 2005 11:36 PM
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Congratulations....because this is "stating the obvious" to you, then I'm not allowed to say it? This is a forum...it's not "Darin's world". If you don't like it...then don't read the message and...definitely don't reply. This is just silly

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, 2 December 2005 3:17 PM
To: IMail_Forum@list.ipswitch.com
Subject: Re: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Yes, that is the definition of a DMZ. This is all just stating the obvious...

Darin.

----- Original Message -----
From: "Christopher Jones" <[EMAIL PROTECTED]>
To: <IMail_Forum@list.ipswitch.com>
Sent: Thursday, December 01, 2005 11:06 PM
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

When I refer to a DMZ...I mean that traffic from the Internet is first routed to a network that is separated from your internal network by the perimeter firewall and the mail is, at the very least, virus scanned.
I for one don't want to allow any email viruses at all into my internal network and hope that Imail will pick them up, because if it doesn't, the mail ends up straight in the users' mailboxes and then is downloaded to their desktops. If I can stop those threats before it reaches my internal network then I am a happy man.

In the 3 years I have been working in this position we have not been infected with a single email-borne virus. And I completely put that down to filtering the emails before they reach our internal network.

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, 2 December 2005 10:39 AM
To: IMail_Forum@list.ipswitch.com
Subject: Re: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Don't know how a DMZ by itself helps this any. Do you mean a gateway should be filtering the email before it hits the mail server? What about the gateway? It's exposed.

Bottom line is for mail to be delivered, something has to be exposed to the internet so the connection can be made for delivery, so I'm not really sure what you mean about not allowing unfiltered traffic to get to the mail server. Many of us use software on the primary mail server, or another mail server acting as a gateway, to perform the filtering, with the software plugged into the mail processing chain of events, so one or more ports on that server are always exposed to the internet.

I think the point you're really getting at is that exposed servers should be located in a DMZ, so that if they were compromised the intrusion is limited to the DMZ and the internal network is still protected. I think most of the people on this list already understand that, so making a point of it seems, well, pointless.

Darin.

----- Original Message -----
From: "Christopher Jones" <[EMAIL PROTECTED]>
To: <IMail_Forum@list.ipswitch.com>
Sent: Thursday, December 01, 2005 5:59 PM
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Sandy,

I agree that it's better to have those options than not at all...and as you suggest, I definitely don't use them. But what I am opposed to is allowing email from the internet directly in through the firewall to a server that is in your internal corporate network that is running Imail without doing any scanning on the emails at all before they enter your network. That's what I am trying to get at...that I personally can't understand why people would want to allow unfiltered content directly into their internal network.

Imail 2006 is only brand new....and I don't understand how any of us can be sure that there are no possible flaws that could allow Imail to be manipulated into allowing access to your network.

I'm sorry if my last message sounded rude and harsh...but from a security stand-point, Network Security 101 states you should be using a DMZ to filter all traffic before letting it into your network. That's what I was getting at.

Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
Sent: Friday, 2 December 2005 9:24 AM
To: Christopher Jones
Subject: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

> And the new features in Imail 2006 to stop dictionary attacks are
> almost pointless....because they simply reduce the connections from
> the IP address that is sending them mail.

How else would you expect dictionary attack prevention to work? It's an MX protection mechanism.

> Who in their right mind would allow all email from the internet
> directly into their network and the first server it touches is
> Imail????? That's one of the biggest no-no's in IT Security.

Ah, gimme a break. IMail is used as an MX at thousands of sites.
Whether it's advisable to have _any_ mailbox server also the MX is a non-issue here, although IMail's SMTPD has historically been particularly ill-suited. Obviously, the anti-spam features that relate to envelope-level filtering are designed for those deployments in which IMail is indeed the MX, and the SMTPD is tons better now than it's ever been.

> Allow mail directly in from the Internet to your internal server
> running Imail is just asking for trouble....

If you're so opposed to it, don't do it. But you can't fault a product for offering features that are usable in the real world, even if you don't like that real world.

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/