In my experience the guys from Cisco are a bit bumbling when it comes to
email. Don't let them tell you MAILGUARD is a good thing. Ugh.
Your configuration a) won't work, b) is overly complex, and c) doesn't add
any measurable security.
Feel free to use the DMZ system to relay the SMTP traffic inbound, but don't
bother with the ETRN.
ETRN does not achieve your required results or any of the optional results.
=======================================================
Andy Webb [EMAIL PROTECTED] www.swinc.com
Simpler-Webb, Inc. Austin, TX 512-322-0071
-- Eating XXX Chili at Texas Chili Parlor since 1989 --
=======================================================
-----Original Message-----
From: Nizar El-Assaad [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 10:46 AM
To: Exchange Discussions
Subject: RE: ETRN without dial-up
It is just that I want the server in the secure zone to open the connection,
and not vice versa. I am not sure if this improves security, but that is
what the guys from Cisco told me. Is it true, or would just opening port 25
on both sides be the same, no matter which server initiates the
connection?
Best Regards
Nizar El-Assaad
-----Original Message-----
From: Webb, Andy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 6:00 PM
To: Exchange Discussions
Subject: RE: ETRN without dial-up
OK, so what changes the rules in the PIX to allow the mail to flow after the
ETRN?
ETRN is /not/ TURN. ETRN merely indicates to the queueing host "I'm here
now". The host still uses the same inbound SMTP connectivity it would have
tried to use before the mail was queued.
=======================================================
Andy Webb [EMAIL PROTECTED] www.swinc.com
Simpler-Webb, Inc. Austin, TX 512-322-0071
-- Eating XXX Chili at Texas Chili Parlor since 1989 --
=======================================================
-----Original Message-----
From: Nizar El-Assaad [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:10 AM
To: Exchange Discussions
Subject: ETRN without dial-up
Hello
Does the ETRN command work without a dial-up connection, i.e. on a LAN/WAN?
I am asking this question because I have a problem in configuring my mail
system. My problem is that I have my mail server (where all the mailboxes
reside) behind a PIX firewall on the secure subnet. Incoming internet mail
will not go directly to my mail server, but to a mail gateway instead,
located in the DMZ. Now this gateway will hold the mail until my original
mail server opens a connection to it to retrieve the mail (firewall
configuration only allows connections to be initiated from the secure zone
to the DMZ). I was thinking of using ETRN to dequeue the mail on the
gateway. Is this feasible? Better yet, is this configuration reasonable, or
are there better alternatives? I heard that ETRN only works with dial-up
connections, is this true?
Thanks a lot for the assistance.
Best Regards
Nizar El-Assaad
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
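
The point made in the replies above, as an added example that is not part of the original thread: a small constructed model of the firewall policy from the question, showing that ETRN still depends on a new DMZ-to-inside connection, while TURN (modelled here only for contrast) reverses roles on the session the internal server opened. The zone names, rule tuples, `Gateway` class and `simulate` helper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Gateway:
    """DMZ relay holding queued mail for the internal server (constructed model)."""
    allow: set                      # permitted TCP initiations: (src_zone, dst_zone, port)
    queue: list = field(default_factory=list)
    delivered: list = field(default_factory=list)

    def _deliver(self):
        self.delivered.extend(self.queue)
        self.queue.clear()
        return "delivered"

    def queue_run(self):
        # Normal SMTP delivery: the gateway opens a NEW connection to the
        # internal server's port 25, so the firewall must permit dmz -> inside.
        if ("dmz", "inside", 25) not in self.allow:
            return "still queued"
        return self._deliver()

    def session_from_inside(self, command):
        # The internal server initiates this session (inside -> dmz).
        if ("inside", "dmz", 25) not in self.allow:
            return "no session"
        if command == "ETRN":
            # ETRN only says "start your queue run for me now"; the mail
            # still travels on the gateway's own outbound connection.
            return self.queue_run()
        if command == "TURN":
            # TURN reverses roles on the existing connection, so the mail
            # rides the session the internal server opened.
            return self._deliver()
        return "unknown command"

OUTBOUND_ONLY = {("inside", "dmz", 25)}   # policy described in the question
RELAY_INBOUND = {("dmz", "inside", 25)}   # plain inbound relay from the DMZ

def simulate(rules, trigger):
    """Return (outcome, messages left in queue) for a constructed two-message queue."""
    gw = Gateway(allow=set(rules), queue=["msg-1", "msg-2"])
    if trigger == "retry":
        outcome = gw.queue_run()
    else:
        outcome = gw.session_from_inside(trigger)
    return outcome, len(gw.queue)

if __name__ == "__main__":
    for rules, trigger in [(OUTBOUND_ONLY, "ETRN"), (OUTBOUND_ONLY, "TURN"),
                           (RELAY_INBOUND, "retry")]:
        print(sorted(rules), trigger, simulate(rules, trigger))
```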