• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion for Publishing SMTP Servers: Supporting SMTP Authentication, part 2

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Discussion for Publishing SMTP Servers: Supporting SMTP Authentication, part 2 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion for Publishing SMTP Servers: Supporting SMTP... - 13.Jan.2003 5:27:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussion of part 2 of the securing publishing SMTP server article at XXX

[ January 13, 2003, 05:27 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion for Publishing SMTP Servers: Supporting ... - 17.Jan.2003 1:23:00 PM   
murph123

 

Posts: 8
Joined: 10.Jan.2003
Status: offline
Hi Tom, thank you so much for all your hard work putting together this new SMTP filter article. Took me a little time but was able to follow what you were saying and get to work like a charm. I love the fact that now our employees from home can send e-mail securly.

I am now wondering how to secure access to our POP3 server(exchange 2000) so passwords and usernames can not be sniffed.

Does the POP3 Filter, like the SMTP filer in ISA alow to connect to a pop3 server in a secure manner?

I do not see a "Windows Security Package" option in the POP3 authentifucation tab on Exchange 2000.

I see that in outlook express there is a POP3 ckeck box for "Logon using Secure Password Authentication" (just like Outgoing) but I tried this and disabled clear text on the exchange server and it seemed to work but would never retrieve any e-mails.

I am confused. Is it that exchange 2000 POP3 server Authentication tab is missing the "Windows Security Package" check box or what?

Thanks for any answer you can provide!

Murph

(in reply to tshinder)
Post #: 2
RE: Discussion for Publishing SMTP Servers: Supporting ... - 18.Jan.2003 9:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Murph,

Thanks for the compliments on the article!

Good question regarding POP3. The way to handle this problem is to configure the POP3 site for SSL protection. This secures the credentials and data.

That is still one of the shortcomings of the new SMTP filter. While we can authetnicate using the "security package" authentication, the data still moves "in the clear" because the STARTTLS command, which is required for SSL protection of the data, is not supported.

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion for Publishing SMTP Servers: Supporting ... - 19.Jan.2003 4:31:00 AM   
jayal1972

 

Posts: 31
Joined: 7.Jan.2003
From: Stockholm
Status: offline
Hi Murph!
Yeah, excellent place with excellent articles!

No problem running POP3 with a certificate (just apply for a web server certificate and issue one from the Certificate Server) allowing SSL.

As Tom says problem though with SMTP and SSL, I want it too :-(

(in reply to tshinder)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> Discussion for Publishing SMTP Servers: Supporting SMTP Authentication, part 2 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts