
[Fwd: RE: [FW1] SMTP security server setup and NBT]







Mathias,
I have not received any replies with solutions as to how
to secure the incoming mailserver by disabling ports
137-139, which will disable the perf. monitoring on it.

I think I'll secure the mail-server with a little internal
DMZ with the perf. monitor machine in the same zone, and then
have an outbound mailserver to bypass the SMTP security server
on the FW. Can anyone give a better solution?

-------- Original Message --------
From: "Mathias Preble" 
I moved dual-homed Exchange IMC (Internet Mail Connectors) behind the
firewall and used NAT for an external address and opened port 25.  They are
not in the DMZ, but on the clean side, so the admins continue to have the
access they always had.

I have several machines in the DMZ that need NBT to authenticate against
domain controllers.  I realize there is a risk, but it's better than the
previous situation - dual-homed machines...

I would be very interested to hear what kind of responses you got from your
message.


-----Original Message-----
From: owner-fw-1-mailinglist@lists.us.checkpoint.com
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] SMTP security server setup and NBT


Dear Checkpointers,
I want to evaluate the risk of the mail-server setup. Presently it sits
in the DMZ and SMTPs in/out to the world. However, there are folks unhappy
about it being there, and mail folks can't use ports 137-139 to monitor its
perf. from the internal side :) So I have suggested using the SMTP security
server for incoming email, which will store-forward to the internal
mail-server at port 25. The mail-server will SMTP email out directly to the
world, as per phoneboy's site. That is my problem!

I told the mail guys that even then the internal mail server should be
hardened, and to avoid keeping the NBT ports 137-139 open on it for
the perf. monitor server to talk to it, or to figure out another way to
monitor the mail-server (VPN), because if the mail-server is hacked over
ports 137-139 then somebody can tunnel out over the SMTP port to the outside.
Am I right in this assumption?

My question is: can I use the 4.0/SP4 SMTP security server for outbound
mail and let the mailserver deliver mail to it rather than to the internet?
Or are there still problems with delivery? And is it okay to take the
stand that the internal mail-server needs to be secured and should only
talk to the Exchange server and FW? Are there other methods to monitor the
performance without using ports 137-139 for NT?
I await your inputs and thoughts to solve this issue and keep everyone
happy!
payal@pdq.net



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


