> We had to quit using it, however, because our > auditors were able to break > into it and it looked like it would take an exit to > stop them; and it > wasn't worth that. There were also other issues > around the corner > involving validation of the VM email sender. It > just got too messy for > what it would have bought us. >
The trouble with SMTP is that the E-Mail sender is (usually) not verifiable. If you are just using NOTES to relay out to the Internet this shouldn't be an issue. However if you are going to allow Notes <=> VM then it can be an issue for the Notes users. I think the moral is that even on internal systems only trust digitally signed e-mails, and then only if you trust the PKI. > And, in response to Dave Wade, you might want to > take this indirect route > if your VM system doesn't have direct access to the > Internet. Using NOTES in this way seems a bit of a sledge hammer to crack a nut, but I guess if you already have NOTES on the internet its a good start. Trouble is that if I had NOTES on the internet, I would make sure the bridge head MTA (thats the one that talks SMTP) was not visible to the internal network via SMTP, only via Notes protocols, to minimize the spoofing mentioned above... > > Dennis Schaffer > Dave. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
