Sandy, I agree that it's better to have those options than not at all...and as you suggest, I definitely don't use them. But what I am opposed to is allowing email from the internet directly in through the firewall to an server that is in your internal corporate network that is running Imail without doing any scanning on the emails at all before they enter your network.
That's what I am trying to get at...that I personally can't understand why people would want to allow unfiltered content directly into their internal network. Imail 2006 is only brand new....and I don't understand how any of us can be sure that there are no possible flaws that could allow Imail to be manipulated into allowing access to your network. I'm sorry if my last message sounded rude and harsh...but from a security stand-point, Network Security 101 states you should be using a DMZ to filter all traffic before letting it into your network. That's what I was getting at. Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Friday, 2 December 2005 9:24 AM To: Christopher Jones Subject: Re[2]: [IMail Forum] IMAIL / OPENLDAP and allow bind_v2 > And the new features in Imail 2006 to stop dictionary attacks are > almost pointless....because they simply reduce the connections from > the IP address that is sending them mail. How else would you expect dictionary attack prevention to work? It's an MX protection mechanism. > Who in their right mind would allow all email from the internet > directly into their network and the fist server it touches is > Imail????? That's one of the biggest no-no's in IT Security. Ah, gimme a break. IMail is used as an MX at thousands of sites. Whether it's advisable to have _any_ mailbox server also the MX is a non-issue here, although IMail's SMTPD has historically been particularly ill-suited. Obviously, the anti-spam features that relate to envelope-level filtering are designed for those deployments in which IMail is the indeed the MX, and the SMTPD is tons better now than it's ever been. > Allow mail directly in from the Internet to your internal server > running Imail is just asking for trouble.... If you're so opposed to it, don't do it. But you can't fault a product for offering features that are usable in the real world, even if you don't like that real world. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/downloa d/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/re lease/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
