I'm not sure I follow. If we are talking about users connecting from the 'Net and retrieving their mail, then my suggestion for Shady would be to look at OWA, or set up POP server(s) in a DMZ with user accounts that retrieve email from the main Exchange server on the inside.
The part that confuses me, is the part about controlling attachments. If you have users getting their mail from the 'Net, how are you going to have less control over attachments? It all has to come across the Exchange server anyway, right? It can still scan/detach "dangerous" attachment file types. If we were talking about users going outbound from the intranet, blocking POP3 wouldn't stop them from getting attachments via Hotmail. I know I must be missing something obvious here, Scott, please clue me in. Nick Network Security Consultant CISSP, CCSI, MCSE, CCNA Raleigh, NC -----Original Message----- From: Ferguson, Scott [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 1:46 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: POP3 we took pop3 away from our users not long ago due to virus concerns, technically the desktop software will scan attachments/emails if configured properly, but we like to control the specific types of attachments they can/cannot receive and scan all mail at the server level first -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 23, 2002 5:00 PM To: [EMAIL PROTECTED] Subject: POP3 My users want me to to give them POP3 access via the firewall. We have an Exchange Server runnig with a Checkpoint Firewall. Are there any security issues that I need to watch out _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com