On Tue, 7 Mar 2000, Mikael Olsson wrote:
> Ferdi Retief wrote:
> >
> > I use MS Exchange both inside and outside - comments welcome
> >
>
> Then what is the point of having an outside mail server?
The points are to (a) contain external connections to external machines,
(b) ensure that problems with volume are limited to external machines so
that internal communications about resolving problems aren't blocked, and
(c) spread the client-side connections between two hosts for better
connection management.
> If it can be breached, and you let your external mail server
> connect to the internal mail server that has exactly the
> same vulnerabilities as the external one.... (....
> time for the previous to sink in ..... )
Not unless the vulnerability is via SMTP, and will be passed verbatim
through his firewall.
> Uhmmmm...
>
> Of course, the matter is another one if the firewall
> in question has a real store-and-forward SMTP proxy.
> Does it do this?
Actually, the question is more how stringent it is at enforcing SMTP
standards.
> If it doesn't, you might as well consider your internal
> mail server to be directly accessible from the Internet,
> since it is only a matter of first cracking the external
> one before slamming away at the internal one.
Not really. In the case that the external one isn't there and the firewall
isn't there, it's automatically game over; in this case, there are two
additional layers to penetrate.
Personally, I'd have chosen a better external layer having seen Exchange's
performance under fire, but that's my only gripe with the architecture.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280