Hello:
I have had the same problem and what we did was the following:
1.-As you well mention it , it is a high risk to open pop3 to the world.
So if you can not avoid it , the short term solution that we took was to
enable pop3 to just certain ip's ( of course the ones that the other
people will be accesing from ) . That solve the problem for a while.
2.- Then they wanted to check their mail from every possible machine that
they could put their hands on , so we got a free web mail software and
install it . It took us a little while to compile it a make it work , but
it was well worth it.
Hope this helps !!!!
>
> Currently we have SMTP service only allowed between our exchange server and
> the ISP mail server. This firewall rule is working fine and we have had no
> security incidents with this arrangement. Due to the usual political masters
> which are this company they wish to enable POP3 service on our exchange
> server so that executives at home could retrive their mail on the company
> exchange server. We would have to allow the POP3 service on the firewall
> available to the internet to make this work.
>
> I know that this bad security practice to allow the POP3 service to come in,
> but I need additional internet white papers, concrete evidence, best
> practices info on why we should not allow this.
>
> Any additional info anybody has would be most appreciated and also lessons
> on how to deal with political masters.
>
> Peter Watson
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
*******************************************************************************
Ing. Gerardo Soto Casados
Compu-Redes
Labastida # 37 Esq. Tijuana
San Martin Texmelucan Puebla
Tel. y Fax (91248) 45-888
e-mail: [EMAIL PROTECTED]
http://www.compu-redes.net.mx
*******************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
