Well, I will tackle the ones I can...
> We are just beginning to use Imail and I have a couple quick questions
about
> capabilities.
>
> 1. We have another site a few blocks from our main site. Can we include
the
> people at that site in our list of Imail users? What are some ways to
> organize that?
I am not sure I understand the question fully, so forgive me if I am
off-course.
You can add people from another location into the same group of users, or
you could set up two hosts "location1.yourdomain.com" and
"location2.yourdomain.com", but then your users would have to use FQ (Fully
Qualified) addresses like [EMAIL PROTECTED]
Or, you could put them all together and just have them dial in to you to
pick up Mail. NT's RAS is not too cool for big ops, but if you have less
than ten people connecting you could use it to answer calls (be your own
ISP).
If you are just looking to identify them somehow according to location, then
maybe you could just put that into the LDAP info for the user. If you are
talking about a LOT of users than maybe the FQ address thing would be best.
>
> 2. If we just use the imail mail server relayed thru our isp we are not
too
> vulnerable to web nasties (except viruses of course) - true or false?
>
If you have a fixed IP and will recieve your own inbound mail there would be
no benefit to sending your outbound mail through your ISP. The "obscurity"
factor you would get from that would be no shield from attack, and would
just delay your outbound mail. The best protection from "web nasties" is to
use as much of the IMAIL security as you can for what you are doing, and
secure your NT Server. There is a pretty good article on securing NT
servers at http://www.microsoft.com/security/products/iis/CheckList.asp it
is geared towards IIS (Internet Information Server) but is a very good
starting point for securing NT.
> 3. As soon as we put up a web server, ftp server or use the imail web mail
> capacity we need to think about proxy servers and/or firewalls - true or
> false?
>
A proxy server can be used in either direction, but they do little good
unless they are "application level proxies" Firewalls at thier crudest
levels are just like security gaurds that make sure people only come in
through the gate you have opened. Firewalls and Proxies are both good ideas
if you have someone who know's how to set them up for you and doesn't do a
"one size fits all" on you. Some of the good firewalls are upwards of ten
grand, and not worth it unless you have something really critical to protect
or enough people/data to protect to make it worth it. I am not saying you
should not get one, but rather you shouldn't spend that kind of money if it
won't be worth it you. Measure the worst someone could do to you (make you
rebuild a machine and restore from tape?) against the cost and decide for
yourself. If you have someone who can set teh firewall up to really protect
you then by all means it will, but out of the box "setups" do little more
than make you feel safer. That can actually be worse if you are not really
safe because you are less likely to check logs regularly etc. Now if you
just want some basic protection from file system access on port 138 & 139
(NT's NetBIOS ports) etc. consider getting a router with some basic
firewalling capabilities (ie port blocking). You can get an Ascend Router
for under $1000.00 dollars that will do that.
Last thought, if you are going to have people "surfing" from this same
connection than a simple proxy server (like NT's "MS Proxy 2.0") can be a
real good way to keep people on the net from getting to your internal PC's.
The only real protection for your Web/Mail/FTP server's is just secure the
box, back up the files regularly, try not to make too many "net enemies",
and turn off anything you don't need running. That checklist I gave you a
link to is really a good start...
Good Luck
-V
> Thanks in advance for any answers.....
>
>
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
