That clarifies it, and I know it is difficult to do the right thing when supporting a University.
So you *were* talking about staff POPping your mail from the Exchange server. Eat that, Ed! [1]

You may be able to propose a compromise:
- All SMTP mail must be delivered to the Exchange server and be AV scanned.
- Disallow file types that are commonly used to send viruses. The Martin Blackstone list in Appendix F of the FAQ may help here. Can I assume that if these people are using University computers, they have University-installed and -managed AV software running on them? That may also mitigate the virus risk and provide another level of protection.
- Allow IMAP instead of POP?

[1] Totally kidding!!

> -----Original Message-----
> From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 12, 2003 6:35 PM
> To: Exchange Discussions
>
> The reason I asked the original question is because I work at a .EDU
> All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to download their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM!!!! lots and lots of work :(
>
> Matt
>
> -----Original Message-----
> From: Durkee, Peter [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 12, 2003 5:32 PM
> To: Exchange Discussions
> Subject: RE: POP = Bad? -- SMTP = Good?
>
> I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur.
> Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way.
>
> -Peter
>
> -----Original Message-----
> From: Erik Sojka [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 12, 2003 14:04
> To: Exchange Discussions
> Subject: RE: POP = Bad? -- SMTP = Good?
>
> Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's also a bad idea...
>
> > -----Original Message-----
> > From: Ed Crowley [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 12, 2003 4:46 PM
> > To: Exchange Discussions
> >
> > I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that.
> >
> > As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primitive, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well.
> >
> > Ed Crowley MCSE+Internet MVP
> > Freelance E-Mail Philosopher
> > Protecting the world from PSTs and Bricked Backups!T
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Thursday, June 12, 2003 1:09 PM
> > To: Exchange Discussions
> > Subject: RE: POP = Bad? -- SMTP = Good?
> >
> > Mmmm. Man hours.
> >
> > Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money.
> >
> > If remote access is an issue, set up OWA. If viruses are an issue, run AV software on your Exchange boxes.
> >
> > > -----Original Message-----
> > > From: Joshua R. Morgan [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, June 12, 2003 1:58 PM
> > > To: Exchange Discussions
> > >
> > > I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool..
> > >
> > > In other words Pop = Bad
> > >
> > > Joshua
> > >
> > > Joshua Morgan
> > > Email: [EMAIL PROTECTED]
> > >
> > > -----Original Message-----
> > > From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, June 12, 2003 1:52 PM
> > > To: Exchange Discussions
> > > Subject: POP = Bad? -- SMTP = Good?
> > >
> > > List,
> > >
> > > This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain.
> > > Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be stripped leaving a hole for new viruses that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other companies do? Is there some other way to secure incoming POP mail?
> > >
> > > Matt
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > > To unsubscribe: mailto:[EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
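
The attachment-type stripping that the top reply proposes for mail delivered over SMTP, sketched as an added example (not code from the thread or from any product mentioned in it). The extension list is an assumed sample, not the Appendix F list the reply refers to, and the function names are hypothetical; the sample message is constructed.

```python
from email.message import EmailMessage
from email.utils import collapse_rfc2231_value

# Assumed sample blocklist; substitute the list your site has agreed on.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".vbs", ".com")


def blocked_name(part):
    """Return the offending file name if this MIME part should be stripped."""
    # A name can sit in Content-Disposition (filename=) or Content-Type
    # (name=); the two may disagree, so check both.
    for raw in (part.get_filename(), part.get_param("name")):
        if not raw:
            continue
        name = collapse_rfc2231_value(raw)
        # Windows ignores trailing dots and spaces and is case-insensitive,
        # and only the last extension decides how the file is opened.
        if name.rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS):
            return name
    return None


def strip_blocked(msg):
    """Remove blocked attachments in place and return the removed names."""
    removed = []
    if msg.is_multipart():  # also true for forwarded message/rfc822 parts
        kept = []
        for part in msg.get_payload():
            name = blocked_name(part)
            if name:
                removed.append(name)
            else:
                removed.extend(strip_blocked(part))
                kept.append(part)
        msg.set_payload(kept)
    return removed


def build_sample():
    """Constructed message: one harmless and one double-extension attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="syllabus.pdf")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.EXE")
    return msg


if __name__ == "__main__":
    print(strip_blocked(build_sample()))
```

A filter like this only sees mail that passes through the server it runs on, which is the gap the thread describes for mail pulled by POP from the central campus server.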

