Where I am security admin, we run Notes behind a firewall and a simple MTA on a hardened machine in front of the firewall. This has several advantages. The Notes server that connects to all of our internal Notes servers is protected by the firewall so you have less likelihood of a problem with Notes SMTP causing damage to your internal network. As well, this server has a single stream of input and output so has less work to do. It does spend a fair amount of work converting between the Notes internal format and SMTP/RFC 2822 format so no need to burden it. The Outside SMTP MTA can do spamblock lookup, spoof protection etc. without worrying about Notes details. Neither machine is that big but the result is quite clean mail flow.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Robertson Sent: Mon March 25 2002 18:52 To: David Ishmael Cc: 'Navin Mehra/MUM/IN/STTL'; [EMAIL PROTECTED] Subject: RE: Restrict telnet to port 25 via firewall. On Mon, 25 Mar 2002, David Ishmael wrote: > You may want to look into products that support SMTP authentication to > send mail to remote hosts. Of course that wouldn't protect any of your > users from getting SPAM and stuff. SMTP auth is only useful for SASLish stuff or <protocol> before SMTP relay issues. That doesn't stop 3rd party spoofing of 3rd party addresses. Since that's the majority of mail into an organization (in my experience, >90%), it's hardly effective. Most *nix MTAs these days stop 3rd party relay of 1st party addresses (my experiences with Notes as an MTA in the distant past make the recommendation of a "real" MTA in front of it easy to advance.) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
