Okay, so now I understand. But I don't see how you have any choice here since the mail to which you are referring doesn't ever pass through your Exchange Server. If you're asking whether it should, and your users should be allowed to pull it using POP from outside locations, then, given the limitations in your environment, I'd say it's probably the lesser of two evils to allow it. That is, if they can already get into the central Unix mail server and pull using POP from the outside, what's the added risk of exposing your server to the same thing? You could force the use of SSL so that an intruder will attack the easier central mail server target (presuming they allow non-SSL access to POP).
Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!� -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 8:38 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Ok Im getting tired and its late and I've been here at work since 8:00am. I'm going to try one more time to clear this up. Campus email servers are OpenBSD something or other. They forward mail to my exchange server via SMTP. (not the problem) Users inside my firewall that don't use my exchange server get their mail from the main campus OpenBSD email server via POP. (the problem) Therefore bypassing my ability to strip there harmful attachments. Matt -----Original Message----- From: deji [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 11:16 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Then in this case I would say it does not matter whether they POP, PIP, or personally imbibe it, IF your exchange server's AV signature doesn't catch the Virus, the client will get it. All the mails go through your Exchange server. Concentrate your efforts on making your AV work better on the server, and stop worrying about a non-issue. HTH D�j� Ak�m�l�f�, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 3:35 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM!!!! lots and lots of work :( Matt -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -----Original Message----- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... > > -----Original Message----- > From: Ed Crowley [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 12, 2003 4:46 PM > To: Exchange Discussions > > I believe the question here was specifically whether to allow internal > POP clients to pull their mail (personal, presumably) from > outside sources. To > that, I would agree it is a very poor idea to allow that. > > As to whether to allow POP usage from outside, I would also agree that > allowing it is a poor idea, but there are ways to make it not so poor. > Even though it is primative, POP is still a protocol that is necessary > for clients running on non-Windows platforms. You can configure > Exchange 2000 to support only POP with SSL, somewhat reducing the > vulnerability, or, better yet, allow it only through a VPN. Still, I > would be encouraging such > users to try to use IMAP instead, but it is not without its > risks as well. > > Ed Crowley MCSE+Internet MVP > Freelance E-Mail Philosopher > Protecting the world from PSTs and Bricked Backups!T > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka > Sent: Thursday, June 12, 2003 1:09 PM > To: Exchange Discussions > Subject: RE: POP = Bad? -- SMTP = Good? > > > Mmmm. Man hours. > > Presumably since you are posting to an Exchange list, you are running > Exchange. If you just want a POP server you have wasted your money. > > If remote access is an issue, set up OWA. If virusesiises are an > issue, run AV software on your Exchange boxes. > > > > > -----Original Message----- > > From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] > > Sent: Thursday, June 12, 2003 1:58 PM > > To: Exchange Discussions > > > > I agree with you from a Security Standpoint that POP has certain > > risks, but maybe a better topic for management is the additional > headache POP > > is from a support standpoint.. Imagine if you will a > > Marketing person > > gets a new machine at home, this person sets up outlook to download > > via POP3, instead of choosing to leave the messages on the > server they opt > > to download everything and remove (could be a simple > mistake) however > > when they come into work the next day all their email is > gone. Now you > > could restore from backup which = man-hours or you could > have the guy > > bring in his machine and copy all the data from it which = > man hours. > > However if you are running Exchange this Marketing guy could have > > accessed via OWA or VPN, or even if you were not using > Exchange VPN or > > some 3rd Party web tool.. > > > > > > In other words Pop = Bad > > > > > > Joshua > > > > > > > > > > > > > > > > Joshua Morgan > > Email: [EMAIL PROTECTED] > > > > > > -----Original Message----- > > From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] > > Sent: Thursday, June 12, 2003 1:52 PM > > To: Exchange Discussions > > Subject: POP = Bad? -- SMTP = Good? > > > > > > List, > > > > This might be more appropriate for a firewall/security list but it > > involves email and I don't belong to one of those yet so > I'll post my > > question here. I'm curious as to how many of your companies allow > > internal clients to access POP mail externally. The reason > I'm asking > > is because I see POP mail as security risk. Let me explain. Our > > firewall strips all but a few attachments from our incoming SMTP > > email. With POP however attachments cannot be striped > leaving a hole > > for new virus that aren't detectable yet by our virus > software. I'm > > going to try to talk management into letting me block POP. Is > > blocking incoming POP something other company do? Is there some > > other way to secure incoming POP mail? > > > > Matt > > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=& > > lang=english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
