RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

michael . decamps Fri, 02 Dec 2005 03:03:19 -0800

Thank you for all your replies.

     I'd liket to know if someone has tried to use "allow bind_v2" for LDAP
authentication with Brightmail and has he succeeded  ?


Thanks,

Michael.




                                                                           
           "Christopher Jones"                                             
           <[EMAIL PROTECTED]                                             
           ress.com>                                                     A 
           Envoyé par :               <IMail_Forum@list.ipswitch.com>      
           [EMAIL PROTECTED]                                          cc 
           ist.ipswitch.com                                                
                                                                     Objet 
                                      RE: Re[2]: [IMail Forum] IMAIL /     
           02/12/2005 06:18           OPENLDAP and allow bind_v2           
                                                                           
                                                                           
           Veuillez répondre à                                             
           [EMAIL PROTECTED]                                             
               switch.com                                                  
                                                                           
                                                                           




We're in IT...I think we're expected to be tired!! Haha

I never had any grey hairs until I started working here...haha

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, 2 December 2005 4:05 PM
To: IMail_Forum@list.ipswitch.com
Subject: Re: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Sorry, dude.  Didn't mean to offend.  Just tired...

Darin.


----- Original Message -----
From: "Christopher Jones" <[EMAIL PROTECTED]>
To: <IMail_Forum@list.ipswitch.com>
Sent: Thursday, December 01, 2005 11:36 PM
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2


Congratulations....because this is "stating the obvious" to you, then I'm
not allowed to say it?

This is a forum...it's not "Darin's world".

If you don't like it...then don't read it the message and...definitely
don't
reply.

This is just silly

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, 2 December 2005 3:17 PM
To: IMail_Forum@list.ipswitch.com
Subject: Re: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Yes, that is the definition of a DMZ.

This is all just stating the obvious...

Darin.


----- Original Message -----
From: "Christopher Jones" <[EMAIL PROTECTED]>
To: <IMail_Forum@list.ipswitch.com>
Sent: Thursday, December 01, 2005 11:06 PM
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2


When I refer to a DMZ...I mean that traffic from the Internet is first
routed to a network that is separated from your internal network by the
perimeter firewall and the mail is, at the very least, virus scanned.

I for one don't want to allow any email viruses at all into my internal
network and hope that Imail will pick them up, because if it doesn't, the
mail ends up straight in the users mailboxes and then is downloaded to
their
desktops.

If I can stop those threats before it reaches my internal network then I am
a happy man.

In the 3 years I have been working in this position we have not been
infected with a single email-borne virus. And I completely put that down to
filtering the emails before they reach our internal network.

Chris

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, 2 December 2005 10:39 AM
To: IMail_Forum@list.ipswitch.com
Subject: Re: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Don't know how a DMZ by itself helps this any.  Do you mean a gateway
should
be filtering the email before it hits the mail server?  What about the
gateway?  It's exposed.  Bottom line is for mail to be delivered, something
has to be exposed to the internet so the connection can be made for
delivery, so I'm not really sure what you mean about not allowing
unfiltered
traffic to get to the mail server.

Many of us use software on the primary mail server, or another mail server
acting as a gateway, to perform the filtering, with the software plugged
into the mail processing chain of events, so one or more ports on that
server are always exposed to the internet.

I think the point you're really getting at is that exposed servers should
be
located in a DMZ, so that if they were compromised the intrusion is limited
to the DMZ and the internal network is still protected.  I think most of
the
people on this list already understand that, so making a point of it seems,
well,  pointless.

Darin.

----- Original Message -----
From: "Christopher Jones" <[EMAIL PROTECTED]>
To: <IMail_Forum@list.ipswitch.com>
Sent: Thursday, December 01, 2005 5:59 PM
Subject: RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2


Sandy,

I agree that it's better to have those options than not at all...and as you
suggest, I definitely don't use them. But what I am opposed to is allowing
email from the internet directly in through the firewall to an server that
is in your internal corporate network that is running Imail without doing
any scanning on the emails at all before they enter your network.

That's what I am trying to get at...that I personally can't understand why
people would want to allow unfiltered content directly into their internal
network.

Imail 2006 is only brand new....and I don't understand how any of us can be
sure that there are no possible flaws that could allow Imail to be
manipulated into allowing access to your network.

I'm sorry if my last message sounded rude and harsh...but from a security
stand-point, Network Security 101 states you should be using a DMZ to
filter
all traffic before letting it into your network. That's what I was getting
at.

Chris

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
Sent: Friday, 2 December 2005 9:24 AM
To: Christopher Jones
Subject: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

> And  the  new  features in Imail 2006 to stop dictionary attacks are
> almost  pointless....because they simply reduce the connections from
> the  IP  address  that is sending them mail.

How  else  would you expect dictionary attack prevention to work? It's
an MX protection mechanism.

> Who  in  their  right  mind  would allow all email from the internet
> directly  into  their  network  and  the  fist  server it touches is
> Imail?????  That's one of the biggest no-no's in IT Security.

Ah,  gimme  a  break.  IMail  is  used as an MX at thousands of sites.
Whether  it's  advisable to have _any_ mailbox server also the MX is a
non-issue   here,   although   IMail's  SMTPD  has  historically  been
particularly ill-suited. Obviously, the anti-spam features that relate
to  envelope-level  filtering  are  designed  for those deployments in
which  IMail  is  the  indeed the MX, and the SMTPD is tons better now
than it's ever been.

> Allow  mail  directly  in  from the Internet to your internal server
> running Imail is just asking for trouble....

If you're so opposed to it, don't do it. But you can't fault a product
for  offering  features that are usable in the real world, even if you
don't like that real world.

--Sandy


------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!

http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release

/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail
Aliases!

http://www.imprimia.com/products/software/freeutils/exchange2aliases/downloa

d/release/

http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/re

lease/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/




To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

RE: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2

Reply via email to