Well said.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ali Port
Sent: Tuesday, September 05, 2000 3:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] security holes
Unfortunately many people inherit servers from others, knowing nothing about
the products installed on them. Another result of the environment that we
work in is that a sys admin usually does not have the time to dedicate weeks
to learning things like IMail which they may have never even heard of before
now let alone seen or worked with.
When you're looking after the web site, ftp site, firewalls, routers, file
and print servers, numerous development application servers, CTI, WAP, fax,
Oracle database servers, backups and so many more things I won't list it can
be a huge time (and often job) saver to talk to experienced admins on lists
such as this who have already done the work and are happy to share their
experiences.
I know that it sounds like I'm happy to sit back and cream off other
people's hard work but I don't mean that. I mean that if people here are
happy to clue me up on issues I'm struggling to find time to learn then I'm
more than happy to give my experience on something I may know a bit about.
One who prefers the friendship of like minded professionals to hating
anything.
Ali.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of mbailey
Sent: 05 September 2000 05:25
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] security holes
IPSWITCH gave you the gun to control. It might be loaded but you can
always unload the gun.. I like what they have and changing this is blaming
them for an aministrators task.
If you don't like it get another product. Make sure you ask them to wipe
your ass first otherwise they might give you another loaded gun..
One who hates wannabe sysadmins..
--Matt
>
>
> >Thanks, that is very helpful. I wish Ipswitch would have told me this.
I
> >disabled the LDAP server, is there any reason to have it running?
>
> Not unless you have users who have LDAP clients.
>
> Preston, did you have LDAP and LDAP logging turned on? If yes, can
> you see some LDAP activity harvesting your mail accounts in your log
files?
>
> Since this is a security hole, I recommend that the Ipswitch install
> program setup Imail with the "information services" of LDAP, finger,
> and whois turned off by default.
>
> And that the SMTP security default intall to "relay for
> addresses". It's not very responsible for Ipswitch to install Imail
> as an open relay without signalling this fact. Or, have the
> admin person select the security setting at install, with "relay for
> addresses" and Uncheck SMTP AUTH as suggested
> defaults. Unexperienced Imail admins have quite enough on their
> hands without getting hijacked and/or blacklisted due to imprudent
> install defaults for security settings.0
>
> The SMTP AUTH default would force new installations to begin their
> mail operations with this "best" policy and not be forced to
> implement retroactively after several 100 or several 1000 user mail
> programs are setup without SMTP AUTH.
>
> Len
>
>
> http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
> http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
