It was mentioned earlier that someone was contemplating using
something like MIMESweeper in the DMZ. To me this is a great idea. Utilise
the MIMESweeper to scan, reject, etc. e-mails in the DMZ. The routing table
is to this server first so any would-be intruder has another box to contend
with plus if a dangerous e-mail is received it can be stopped at the
MIMESweeper server. The FW rules only allow IP connections between the mail
server and the MIMESweeper server via internal addressing. This doesn't
handle the remote users issue but by setting up a RAS server (adding PPTP or
other form of encrypted tunnel) an LMHOST file should let them access their
mail.
John Taylor
From: "Jarmoc, Jeff" <[EMAIL PROTECTED]> on 30/08/2000 03:11
To: "Ng, Kenneth (US)" <[EMAIL PROTECTED]>@SMTP@Aus Exchange, Al Saenz <[EMAIL PROTECTED]>@SMTP@Aus Exchange, [EMAIL PROTECTED]@SMTP@Aus Exchange
cc:
Subject: RE: Mail Serve Security
Outlook Web Access is fairly nice for this. It'll allow anyone who can open
an SSL session to a web server to access their email. Of course, you can
still allow VPN users to use MAPI clients...
-----Original Message-----
From: Ng, Kenneth (US) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 9:59 AM
To: 'Al Saenz'; [EMAIL PROTECTED]
Subject: RE: Mail Serve Security
First recommendation: don't use Exchange, it needs too many services opened up
to be secure.
Second recommendation: if you have to use Exchange for political or other
reasons, use a VPN to connect remotely. If you want to be able to connect
from almost anywhere (especially behind remote firewalls that you can't
control), stay away from PPTP and IPSEC. Use something that can tunnel over
an application gateway protocol such as TELNET or SSL. And I DO NOT mean a
program that uses port 23 or 443 and uses some arbitrary protocol, that will
not work on application gateway firewalls.
-----Original Message-----
From: Al Saenz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 9:29 AM
To: [EMAIL PROTECTED]
Subject: Mail Serve Security
Hello and Thank you for your input.
I have an MS Exchange Server. I know there has been mention in the past
about having some kind of Exchange relay server in the DMZ while your actual
E-mail server is in your protected LAN.
I am wanting to let mobile users check email.
Could someone refresh my memory and lead me in the right direction?
Thank you.
al
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]