Hi Matt,
If I am reading this right, the OpenBSD servers selectively (dependent upon
account) forward some of the mail to your Exchange system and retain the
rest for POP collection?
The users with POP email programs then bypass any perimeter security you
have implemented by collecting direct from the OpenBSD server that has not
stripped attachments.
All users that can communicate with the Exchange system do so, and by doing
so only collect mail that has had sensitive attachments stripped.
If this is the case, why not do the following:-

Create accounts for all your users on your Exchange system and arrange for
all mail to be forwarded by SMTP. Close POP at the firewall to prevent
abuse.
To allow those users that 'must' continue to use POP to collect their mail,
enable POP collection from your Exchange server.

The result is - You are fully protected, as all mail has attachments
stripped, and the users are happy as they have not had to change their
methods of mail retrieval.

Nick
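
Added example, not part of the original thread and not any poster's code: the attachment stripping this thread relies on, applied to a message at the point where it is relayed by SMTP. Mail collected by POP from a server that does not run such a filter never passes through it. The blocked-extension list, the `X-Stripped-Attachments` header and the sample message are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list; the thread does not say which types the firewall strips.
BLOCKED_EXTS = (".exe", ".scr", ".pif", ".vbs", ".bat")

def attachment_names(raw):
    """Filenames of every part in the message that carries one."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def strip_attachments(raw):
    """Return (cleaned_bytes, removed_names) for one message seen at the relay."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []

    def prune(container):
        if not container.is_multipart():
            return
        kept = []
        for part in container.get_payload():
            name = (part.get_filename() or "").lower()
            # Match on the final extension so "invoice.pdf.exe" is caught.
            if name.endswith(BLOCKED_EXTS):
                removed.append(part.get_filename())
            else:
                prune(part)  # nested multipart or forwarded message
                kept.append(part)
        container.set_payload(kept)

    prune(msg)
    if removed:
        # Hypothetical header so the recipient can see what was taken out.
        msg["X-Stripped-Attachments"] = ", ".join(removed)
    return msg.as_bytes(), removed

def build_sample():
    """Constructed message: one blocked and one allowed attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    for fname, data in (("invoice.pdf.exe", b"MZ"), ("notes.txt", b"hi")):
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

Comparing `attachment_names(build_sample())` with `attachment_names(strip_attachments(build_sample())[0])` shows the difference between the copy a POP client would pull from an unfiltered server and the copy delivered through the filtering relay.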


-----Original Message-----
From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] 
Sent: 13 June 2003 04:38
To: Exchange Discussions
Subject: RE: POP = Bad? -- SMTP = Good?

OK, I'm getting tired and it's late and I've been here at work since 8:00am.
I'm going to try one more time to clear this up.
Campus email servers are OpenBSD something or other.  They forward mail to
my Exchange server via SMTP. (not the problem)
Users inside my firewall that don't use my Exchange server get their mail
from the main campus OpenBSD email server via POP. (the problem) Therefore
bypassing my ability to strip their harmful attachments.

Matt




-----Original Message-----
From: deji [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 12, 2003 11:16 PM
To: Exchange Discussions
Subject: RE: POP = Bad? -- SMTP = Good?


Then in this case I would say it does not matter whether they POP, PIP, or
personally imbibe it, IF your exchange server's AV signature doesn't catch
the Virus, the client will get it.

All the mails go through your Exchange server. Concentrate your efforts on
making your AV work better on the server, and stop worrying about a
non-issue.

HTH

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky
Sent: Thursday, June 12, 2003 3:35 PM
To: Exchange Discussions
Subject: RE: POP = Bad? -- SMTP = Good?

The reason I asked the original question is because I work at a .EDU. All
mail goes to a [EMAIL PROTECTED] address on a central campus server. From
there people either have their mail forwarded to their department mail
server like [EMAIL PROTECTED] (my Exchange server) address or use
POP to download their mail from the campus server.  I have been trying to
get management to force everyone to go through my Exchange server so my
firewall can strip all those bad attachment types.  As it is, a virus can
sneak into my network with an attachment through POP.  All my anti-virus
software is set to update daily, but if a new virus is able to make it in via
POP before my anti-virus software updates, BAM!!!!  Lots and lots of work
:(

Matt




-----Original Message-----
From: Durkee, Peter [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 5:32 PM
To: Exchange Discussions
Subject: RE: POP = Bad? -- SMTP = Good?


I think the original question must have related to POPing out for personal
mail, because otherwise the normal attachment stripping would occur. Clearly
if you're just popping into your regular Exchange mailbox, you're just as
protected from viruses as you are accessing it any other way.

-Peter


-----Original Message-----
From: Erik Sojka [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 14:04
To: Exchange Discussions
Subject: RE: POP = Bad? -- SMTP = Good?


Allowing employees to POP personal mail?  Hmmm, I didn't see that in the
question but it's also a bad idea...

>
> -----Original Message-----
> From: Ed Crowley [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 12, 2003 4:46 PM
> To: Exchange Discussions
>
> I believe the question here was specifically whether to allow internal
> POP clients to pull their mail (personal, presumably) from outside
> sources.  To that, I would agree it is a very poor idea to allow that.
>
> As to whether to allow POP usage from outside, I would also agree that
> allowing it is a poor idea, but there are ways to make it not so poor.
> Even though it is primitive, POP is still a protocol that is necessary
> for clients running on non-Windows platforms.  You can configure
> Exchange 2000 to support only POP with SSL, somewhat reducing the
> vulnerability, or, better yet, allow it only through a VPN.  Still, I
> would be encouraging such users to try to use IMAP instead, but it is
> not without its risks as well.
>
> Ed Crowley MCSE+Internet MVP
> Freelance E-Mail Philosopher
> Protecting the world from PSTs and Bricked Backups!™
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> Sent: Thursday, June 12, 2003 1:09 PM
> To: Exchange Discussions
> Subject: RE: POP = Bad? -- SMTP = Good?
>
>
> Mmmm.  Man hours.
>
> Presumably since you are posting to an Exchange list, you are running 
> Exchange.  If you just want a POP server you have wasted your money.
>
> If remote access is an issue, set up OWA.  If virusesiises are an 
> issue, run AV software on your Exchange boxes.
>
> >
> > -----Original Message-----
> > From: Joshua R. Morgan [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 12, 2003 1:58 PM
> > To: Exchange Discussions
> >
> > I agree with you from a Security Standpoint that POP has certain
> > risks, but maybe a better topic for management is the additional
> > headache POP is from a support standpoint..   Imagine if you will a
> > Marketing person gets a new machine at home, this person sets up
> > Outlook to download via POP3, instead of choosing to leave the
> > messages on the server they opt to download everything and remove
> > (could be a simple mistake) however when they come into work the next
> > day all their email is gone. Now you could restore from backup which =
> > man-hours or you could have the guy bring in his machine and copy all
> > the data from it which = man hours. However if you are running
> > Exchange this Marketing guy could have accessed via OWA or VPN, or
> > even if you were not using Exchange VPN or some 3rd Party web tool..
> >
> >
> > In other words Pop = Bad
> >
> >
> > Joshua
> >
> >
> >
> >
> >
> >
> >
> > Joshua Morgan
> > Email: [EMAIL PROTECTED]
> >
> >
> > -----Original Message-----
> > From: Matt Plahtinsky [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 12, 2003 1:52 PM
> > To: Exchange Discussions
> > Subject: POP = Bad? -- SMTP = Good?
> >
> >
> > List,
> >
> > This might be more appropriate for a firewall/security list but it
> > involves email and I don't belong to one of those yet so I'll post my
> > question here.  I'm curious as to how many of your companies allow
> > internal clients to access POP mail externally.  The reason I'm asking
> > is because I see POP mail as a security risk.  Let me explain.  Our
> > firewall strips all but a few attachments from our incoming SMTP
> > email. With POP however attachments cannot be stripped, leaving a hole
> > for new viruses that aren't detectable yet by our virus software.  I'm
> > going to try to talk management into letting me block POP.  Is
> > blocking incoming POP something other companies do?  Is there some
> > other way to secure incoming POP mail?
> >
> > Matt
> >
> >
> >
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Web Interface:
> > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
> >