Jim, My company uses Mailzone for our external filtering. It offers virus scanning, anit-spam, anti-relaying, and excellent content filtering. It works great for us and I would usually recommend it to small companies under about 500 people. For larger organizations there are better methods to be used. Products like MimeSweeper from Content Technologies in conjunction with good virus scanning software (MimeSweeper can use almost any as a plugin), and a solid SMTP configuration (no relaying or authenticated relaying) can provide a very solid solution. The real question comes to maintenance. One of the key aspects of our decision was that we are focused on consulting not internal support. By using Mailzone we are able to set it and forget it and concentrate on real tasks. Just my 8 cents, inflation you know. Jason P. Wilcox Manager, Security Services 4C Solutions Inc ----- Original Message ----- From: "Jim McLeod" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, June 17, 2000 7:18 AM Subject: [OT] Security concerns with mail.com, etc. ? > I know this is more of a mail security issue without much firewall content > at all... if there is a more appropriate (mail) security focused list, > please let me know and I'll post my query there. I've searched FAQs, > mailing lists, e-mail MTA sites, security sites, hacker sites, and all over > the net and can't seem to find anything related yet so thought I would start > here. Thanks in advance. > > With all the problems recently due to the ILU virus and subsequent variants, > our IT management has been looking into possibly outsourcing virus scanning > of our e-mail to companies such as mail.com and www.messagelabs.com. My > concerns stem from the fact that most of these services offer great virus > protection, but none of the anti-relaying, anti-spamming, receipt-to > validation protection we currently have with our own firewalled, hardened > MTA gateway. With their server now accepting mail for our domain (as a > store-and-forward relay) without any of these measures in place to reject > the connection immediately from the source, I fear we are just lowering our > current defences in these areas just to increase it in one other area. I > fear this would increase our risk of DoS attacks in these areas which we > have worked so hard to reduce. I am also concerned with the fact that all of > our e-mail will now be flowing almost directly back and forth between our > MTA and their MTA in the clear making it so much easier for someone to > snoop. Am I being overly paranoid? We have no control over the path between > the two end points in between our MTA and theirs and I would suspect that > the path would be fairly consistent and anyone within that path would have > access to snoop it. At least with our protected MTA being the MX for our > domain, our end is the only constant making it more difficult to access for > snooping. Also, as encryption becomes more and more prevelant, this outsourcing > solution becomes totally useless. > > My suggestion has been to utilize the new Mail Filter API provided in our > current MTA, sendmail, to interface with various virus scanning software > such as McAfee's vscan. As we move into encryption, we can move to > Sendmail's SecureSwitch and continue to content and virus scan email before > it's encrypted when sending and after it's encrypted when receiving. Again, > this builds upon our current e-mail infrastructure. > > So far, all they see is that we can outsource virus scanning and prevent ILU > copy-cats. By doing this, "we can sleep at night knowing someone else is > looking after it". Again, am I being overly paranoid? Are these services > secure and would we be able to sleep better at night or should I be pushing > for an in house solution to the e-mail virus problems? Opinions please. > > Thanks in advance. > > JDM - CISSP, CCP, I.S.P., CCSA, CCSE, MCSE, MCP+I, SCSA, SCNA > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
