All a script kiddie needs to do is point their exploit script at your unprotected server's IP and it's toast. A gateway can't prevent that from happening.
Not true in our case. A gateway does protect your server if it's the only way to get to said server. Our gateway AV works after the ASSP proxy and intercepts all incoming email before Imail sees it. Connections to Imail are only made from our AV gateway or internal email clients. A script kiddie would have to use a non-malformed address and basically send a valid email with valid addresses to even get to our Imail server after all connection, recipient, and sender validation tests have passed the ASSP proxy and our AV gateway. We patched anyway to protect against internal attacks. ;o) I don't know how SSL and auth on port 587 would be affected for those sites that have external users, but that isn't an issue for pre 8.22 installs. On a similar note, ASSP can intercept and protect against malformed addresses and such on a secondary listen port for the purpose of smtp auth and can route it to Imail listening on 587 or any other ip:port you like. Unfortunately, it can not handle SSL connections for this purpose.
All that being said, I'll have to worry when an exploit is found for my SMTP AV gateway, or ASSP. :o)
Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
