I know this is more of a mail security issue without much firewall content at all... if there is a more appropriate (mail) security focused list, please let me know and I'll post my query there. I've searched FAQs, mailing lists, e-mail MTA sites, security sites, hacker sites, and all over the net and can't seem to find anything related yet so thought I would start here. Thanks in advance.

With all the problems recently due to the ILU virus and subsequent variants, our IT management has been looking into possibly outsourcing virus scanning of our e-mail to companies such as mail.com and www.messagelabs.com.

My concerns stem from the fact that most of these services offer great virus protection, but none of the anti-relaying, anti-spamming, receipt-to validation protection we currently have with our own firewalled, hardened MTA gateway. With their server now accepting mail for our domain (as a store-and-forward relay) without any of these measures in place to reject the connection immediately from the source, I fear we are just lowering our current defences in these areas just to increase it in one other area. I fear this would increase our risk of DoS attacks in these areas which we have worked so hard to reduce.

I am also concerned with the fact that all of our e-mail will now be flowing almost directly back and forth between our MTA and their MTA in the clear making it so much easier for someone to snoop. Am I being overly paranoid? We have no control over the path between the two end points in between our MTA and theirs and I would suspect that the path would be fairly consistent and anyone within that path would have access to snoop it. At least with our protected MTA being the MX for our domain, our end is the only constant making it more difficult to access for snooping. Also, as encryption becomes more and more prevalent, this outsourcing solution becomes totally useless.

My suggestion has been to utilize the new Mail Filter API provided in our current MTA, sendmail, to interface with various virus scanning software such as McAfee's vscan. As we move into encryption, we can move to Sendmail's SecureSwitch and continue to content and virus scan email before it's encrypted when sending and after it's encrypted when receiving. Again, this builds upon our current e-mail infrastructure.

So far, all they see is that we can outsource virus scanning and prevent ILU copy-cats. By doing this, "we can sleep at night knowing someone else is looking after it". Again, am I being overly paranoid? Are these services secure and would we be able to sleep better at night or should I be pushing for an in-house solution to the e-mail virus problems? Opinions please. Thanks in advance.

JDM - CISSP, CCP, I.S.P., CCSA, CCSE, MCSE, MCP+I, SCSA, SCNA
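
The recipient-validation concern raised in the message above, as an added example that is not part of the original post: a small Python model comparing an MX host that checks RCPT TO during the SMTP session with a store-and-forward relay that accepts everything for the domain. The domain, mailboxes and envelopes are constructed for illustration, and the `Gateway` class and `run` function are hypothetical names.

```python
"""Added illustration: SMTP-time recipient validation vs. a blind store-and-forward relay."""
from dataclasses import dataclass, field

# Constructed sample data: the valid mailboxes and inbound envelopes are made up.
VALID_RCPTS = {"alice@example.com", "bob@example.com"}
ENVELOPES = [  # (envelope sender, envelope recipient)
    ("partner@example.net", "alice@example.com"),
    ("forged@example.org", "nosuchuser1@example.com"),
    ("forged@example.org", "nosuchuser2@example.com"),
    ("customer@example.net", "bob@example.com"),
    ("forged@example.org", "sales-old@example.com"),
]

@dataclass
class Gateway:
    """Models only the RCPT TO decision of the MX host for example.com."""
    validates_rcpt: bool
    queued: list = field(default_factory=list)    # accepted and stored for delivery
    rejected: list = field(default_factory=list)  # refused during the SMTP session

    def rcpt_to(self, sender, rcpt):
        if self.validates_rcpt and rcpt not in VALID_RCPTS:
            # The connecting host keeps responsibility for the message.
            self.rejected.append((sender, rcpt))
            return "550 5.1.1 User unknown"
        self.queued.append((sender, rcpt))
        return "250 2.1.5 Recipient ok"

def run(validates_rcpt):
    """Feed every envelope to one gateway and summarise what it ends up owning."""
    gw = Gateway(validates_rcpt)
    for sender, rcpt in ENVELOPES:
        gw.rcpt_to(sender, rcpt)
    # Mail queued for an unknown mailbox has to be bounced later by the host
    # that accepted it, and the bounce goes to the envelope sender, forged or not.
    bounces = [s for s, r in gw.queued if r not in VALID_RCPTS]
    return {"queued": len(gw.queued),
            "rejected_at_smtp": len(gw.rejected),
            "bounces_to_generate": len(bounces)}

if __name__ == "__main__":
    print("validating gateway:", run(True))
    print("blind relay       :", run(False))
```

The second result shows the cost of accepting first and checking later: every message for a nonexistent mailbox occupies queue space on the relay and turns into a bounce addressed to whatever sender the envelope claimed.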
