I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that.
As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. > > -----Original Message----- > From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 12, 2003 1:58 PM > To: Exchange Discussions > > I agree with you from a Security Standpoint that POP has > certain risks, > but maybe a better topic for management is the additional headache POP > is from a support standpoint.. Imagine if you will a > Marketing person > gets a new machine at home, this person sets up outlook to > download via > POP3, instead of choosing to leave the messages on the server they opt > to download everything and remove (could be a simple mistake) however > when they come into work the next day all their email is gone. Now you > could restore from backup which = man-hours or you could have the guy > bring in his machine and copy all the data from it which = man hours. > However if you are running Exchange this Marketing guy could have > accessed via OWA or VPN, or even if you were not using Exchange VPN or > some 3rd Party web tool.. > > > In other words Pop = Bad > > > Joshua > > > > > > > > Joshua Morgan > Email: [EMAIL PROTECTED] > > > -----Original Message----- > From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 12, 2003 1:52 PM > To: Exchange Discussions > Subject: POP = Bad? -- SMTP = Good? > > > List, > > This might be more appropriate for a firewall/security list but it > involves email and I don't belong to one of those yet so I'll post my > question here. I'm curious as to how many of your companies allow > internal clients to access POP mail externally. The reason I'm asking > is because I see POP mail as security risk. Let me explain. Our > firewall strips all but a few attachments from our incoming SMTP > email. With POP however attachments cannot be striped leaving a hole > for new virus that aren't detectable yet by our virus software. I'm > going to try to talk management into letting me block POP. Is > blocking incoming > POP something other company do? Is there some other way to secure > incoming POP mail? > > Matt > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]