Thanks Vaughn - exactly the sort of starting info I was looking for - I will digest and be back with more questions :) -----Original Message----- From: Vaughn Thurman <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Tuesday, June 29, 1999 9:23 PM Subject: Re: [IMail Forum] New User question (Warning, I really answered these! :-0) >Well, I will tackle the ones I can... > >> We are just beginning to use Imail and I have a couple quick questions >about >> capabilities. >> >> 1. We have another site a few blocks from our main site. Can we include >the >> people at that site in our list of Imail users? What are some ways to >> organize that? > >I am not sure I understand the question fully, so forgive me if I am >off-course. > >You can add people from another location into the same group of users, or >you could set up two hosts "location1.yourdomain.com" and >"location2.yourdomain.com", but then your users would have to use FQ (Fully >Qualified) addresses like [EMAIL PROTECTED] > >Or, you could put them all together and just have them dial in to you to >pick up Mail. NT's RAS is not too cool for big ops, but if you have less >than ten people connecting you could use it to answer calls (be your own >ISP). > >If you are just looking to identify them somehow according to location, then >maybe you could just put that into the LDAP info for the user. If you are >talking about a LOT of users than maybe the FQ address thing would be best. > >> >> 2. If we just use the imail mail server relayed thru our isp we are not >too >> vulnerable to web nasties (except viruses of course) - true or false? >> >If you have a fixed IP and will recieve your own inbound mail there would be >no benefit to sending your outbound mail through your ISP. The "obscurity" >factor you would get from that would be no shield from attack, and would >just delay your outbound mail. The best protection from "web nasties" is to >use as much of the IMAIL security as you can for what you are doing, and >secure your NT Server. There is a pretty good article on securing NT >servers at http://www.microsoft.com/security/products/iis/CheckList.asp it >is geared towards IIS (Internet Information Server) but is a very good >starting point for securing NT. > >> 3. As soon as we put up a web server, ftp server or use the imail web mail >> capacity we need to think about proxy servers and/or firewalls - true or >> false? >> > >A proxy server can be used in either direction, but they do little good >unless they are "application level proxies" Firewalls at thier crudest >levels are just like security gaurds that make sure people only come in >through the gate you have opened. Firewalls and Proxies are both good ideas >if you have someone who know's how to set them up for you and doesn't do a >"one size fits all" on you. Some of the good firewalls are upwards of ten >grand, and not worth it unless you have something really critical to protect >or enough people/data to protect to make it worth it. I am not saying you >should not get one, but rather you shouldn't spend that kind of money if it >won't be worth it you. Measure the worst someone could do to you (make you >rebuild a machine and restore from tape?) against the cost and decide for >yourself. If you have someone who can set teh firewall up to really protect >you then by all means it will, but out of the box "setups" do little more >than make you feel safer. That can actually be worse if you are not really >safe because you are less likely to check logs regularly etc. Now if you >just want some basic protection from file system access on port 138 & 139 >(NT's NetBIOS ports) etc. consider getting a router with some basic >firewalling capabilities (ie port blocking). You can get an Ascend Router >for under $1000.00 dollars that will do that. > >Last thought, if you are going to have people "surfing" from this same >connection than a simple proxy server (like NT's "MS Proxy 2.0") can be a >real good way to keep people on the net from getting to your internal PC's. >The only real protection for your Web/Mail/FTP server's is just secure the >box, back up the files regularly, try not to make too many "net enemies", >and turn off anything you don't need running. That checklist I gave you a >link to is really a good start... > >Good Luck >-V > >> Thanks in advance for any answers..... >> >> >> >> >> Please visit http://www.ipswitch.com/support/mailing-lists.html >> to be removed from this list. >> > >Please visit http://www.ipswitch.com/support/mailing-lists.html >to be removed from this list. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
