Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Using ATRN on SMTP server in DMZ

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Using ATRN on SMTP server in DMZ Page: [1]
Login
Message << Older Topic   Newer Topic >>
Using ATRN on SMTP server in DMZ - 22.Sep.2004 3:05:00 PM   
2nd-protocol

 

Posts: 3
Joined: 16.Feb.2004
From: UK
Status: offline 		Is there any benefit in using ATRN on an SMTP server located in a back-to-back DMZ, so that servers on the internal network have to pull mail from the DMZ server.

I have been advised that this is a measure I should take to improve security but I just can't see the point. The volume of mail we get through is high enough that the connection will need to be permently open and ther are enough internal servers to make the task a real headache. I appreciate that I would not have a hole in the internal ISA box for port 25 but am I missing something else that makes this actually worthwhile doing?

Clive
Post #: 1
RE: Using ATRN on SMTP server in DMZ - 23.Sep.2004 6:55:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Clive,

I totally agree with you. I don't see the point either. I suppose that if someone owned the relay, they could get inbound TCP 25, but if the machine is compromised to that extent, you have much bigger problems.

I suppose there would be a small modicum of security added, but no enough where I'll ever recommend it. This definitely falls into the realm of what I call the "security wankers" type of rec [Big Grin]

HTH,
Tom

[ September 23, 2004, 06:56 AM: Message edited by: tshinder ]

(in reply to 2nd-protocol)
Post #: 2
RE: Using ATRN on SMTP server in DMZ - 23.Sep.2004 10:56:00 AM   
2nd-protocol

 

Posts: 3
Joined: 16.Feb.2004
From: UK
Status: offline 		Thats just what I needed to hear,

Sometimes I start off knowing he is feeding me BS but end up almost ready to sign on the dotted line. He's some sort Paul Mckenna of IT and has the ability to induce a state of mass hypnosis in a meeting room. The guy must have been an insurance salesman in a previous life.

Thanks Tom.

(in reply to 2nd-protocol)
Post #: 3
RE: Using ATRN on SMTP server in DMZ - 26.Sep.2004 12:07:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Clive,

No problem. The 'insurance salesman' approach to selling security solutions is rampant. You've always got to be on your guard because you'll end up spending $30,000+ on a Netscreen 'hardware' firewall that doesn't provide half the security of an ISA firewall. [Big Grin]

Thanks!
Tom

(in reply to 2nd-protocol)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Using ATRN on SMTP server in DMZ Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts