Greetings all -
We have four different mail exchangers inside four different DMZs
throughout the company. The DMZs consist of a two-router solution.
The mail exchangers queue incoming mail and forward it through the
inner-company firewall (so we allow smtp traffic through the firewall
from those specific mail exchangers).
The outer-firewall machines are running UnixWare 2.1 mail (aka mailsurr),
which is completely modularized, unlike sendmail. The inner-firewall
machines are running GroupWise 4.1 SMTP Gateways on NetWare.
For outbound mail, we send directly from the inner-firewall machines to
the Internet without passing through or queuing on the DMZ machines.
The assumption is that the DMZ mail exchangers (or any other machine in
the DMZ) could be cracked and are, therefore, unsafe. However, if
someone were to crack any of those machines, alarms would sound,
(hopefully) giving us enough time to handle/recover from the attack.
Regards,
- Harris Demel
Former Novell, Inc. Postmaster
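As an added illustration (not code from the original post or from Novell), the following Python model captures the inner-firewall policy Harris describes: SMTP is allowed inward only from the named DMZ mail exchangers to the internal gateway, outbound mail leaves from the inner gateway directly, and everything else from the DMZ is denied because the DMZ is assumed to be crackable. All addresses, host roles and rule comments are constructed assumptions; the `dmz_hosts_reaching_inside` audit helper is likewise hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Net = ipaddress.IPv4Network

# Constructed example addresses (assumptions, not from the original post).
INTERNET = Net("0.0.0.0/0")
DMZ_NET = Net("192.0.2.0/24")                          # one of the four DMZs
DMZ_MX = [Net("192.0.2.10/32"), Net("192.0.2.11/32")]  # the specific mail exchangers
INTERNAL_NET = Net("10.0.0.0/8")
INTERNAL_GW = Net("10.1.0.25/32")                      # inner-firewall SMTP gateway


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: Sequence[Net]
    dst: Sequence[Net]
    dport: Optional[int]   # None matches any destination port
    why: str               # operator's reason, kept for audit output

    def matches(self, src_ip, dst_ip, dport: int) -> bool:
        return (any(src_ip in n for n in self.src)
                and any(dst_ip in n for n in self.dst)
                and (self.dport is None or self.dport == dport))


# First match wins; anything unmatched falls through to an implicit deny.
INNER_FW_POLICY: List[Rule] = [
    Rule("allow", DMZ_MX, [INTERNAL_GW], 25,
         "queued inbound mail, only from the named DMZ exchangers"),
    Rule("allow", [INTERNAL_GW], [INTERNET], 25,
         "outbound mail goes straight out, never via the DMZ"),
    Rule("deny", [DMZ_NET], [INTERNAL_NET], None,
         "DMZ hosts are assumed compromised: nothing else crosses"),
    Rule("deny", [INTERNET], [INTERNAL_NET], None,
         "default deny for inbound traffic"),
]


def evaluate(policy: Sequence[Rule], src: str, dst: str, dport: int) -> Tuple[str, str]:
    """Return (action, reason) for a single flow under a first-match policy."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in policy:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.why
    return "deny", "implicit default deny"


def dmz_hosts_reaching_inside(policy: Sequence[Rule], dmz: Net, inside: str, dport: int) -> List[str]:
    """Audit helper: list every DMZ host that could open dport to the inside address."""
    return [str(h) for h in dmz.hosts()
            if evaluate(policy, str(h), inside, dport)[0] == "allow"]


if __name__ == "__main__":
    flows = [
        ("192.0.2.10", "10.1.0.25", 25),     # named exchanger relaying mail inward
        ("192.0.2.50", "10.1.0.25", 25),     # some other DMZ host trying the same
        ("192.0.2.10", "10.1.0.25", 23),     # exchanger trying telnet inward
        ("10.1.0.25", "198.51.100.5", 25),   # inner gateway sending outbound mail
        ("198.51.100.5", "10.1.0.25", 25),   # Internet host talking straight to the inner gateway
    ]
    for src, dst, port in flows:
        action, why = evaluate(INNER_FW_POLICY, src, dst, port)
        print(f"{src} -> {dst}:{port}  {action:5}  ({why})")
    print("DMZ hosts allowed to port 25 on the gateway:",
          dmz_hosts_reaching_inside(INNER_FW_POLICY, DMZ_NET, "10.1.0.25", 25))
```

The audit helper is the check an operator wants after editing the rule set: the list of DMZ hosts able to reach the inner gateway's port 25 should contain exactly the mail exchangers and nothing else. Note what the filter does not do: the SMTP daemon on each DMZ exchanger is still reachable from the Internet on port 25, which is precisely why the design treats those hosts as expendable and relies on alarms rather than on the filter alone.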
>>> Dan Tshin <dtshin@bulldog.ca> 10/07/96 07:57am >>>
On Friday, October 04, 1996 3:26 PM, Richard Stiennon [SMTP:richards@netrex.com] wrote:
>At 07:07 PM 10/2/96 CDT, Hmm wrote:
>> I would be interested in hearing how checkpoint is securing their
>> customers from SMTP based attacks! From what I have seen, they simply
>> pass it through to a mail machine... If that mail machine happens to be running
>> Sendmail 4.1, the attacker can blow holes right through the perimeter....?
>
>Well, how about not allowing telnet to the mail server?
>
How do you do that and not allow mail hacking?
I have tried disabling telnet to a machine, but when I telnet to that
machine's port 25, I'm in.
How about firewalls that actually store mail and then hand it off to an
internal mail server?
dt
_______________________________________________
Dan Tshin The Bulldog Group Inc.
Research and Development 416.594.9207:252
http://www.bulldog.ca 416.594.1473 Fax
_______________________________________________
A head is not merely a hat hangar. Just Use It.