RE: POP = Bad? -- SMTP = Good?
Well, I'll start with my standard response to this topic: SMTP != POP3 SMTP POP3 SMTP .ne. POP3 Now that that's out of the way, you don't let inbound POP access, you're allowing access to your mail server via POP3. Personally, I think that's not appropriate for most organizations, but for some it might be. It certainly isn't for ours, and I tend to disable POP3 on Exchange from the start. To address the attachments issue via POP, that's why my attachment filtering list is deployed both on our gateway mail servers, which manage both inbound and outbound mail as well as on the Exchange servers. With this scheme, all combinations of sender-recipient pairs are covered under the same attachment limitations. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
It seems that if all mail comes initially through the BSD box, then that's where the AV should occur. I realize that it's not necessarily your box or jurisdiction, but it seems negligent of the staff who manage that box to not have any AV protection. Mayhaps you can ask someone here to send along a few virussesisses to your users to illustrate the point if you are unable to convince them... ;) -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 11:38 PM To: Exchange Discussions Ok Im getting tired and its late and I've been here at work since 8:00am. I'm going to try one more time to clear this up. Campus email servers are OpenBSD something or other. They forward mail to my exchange server via SMTP. (not the problem) Users inside my firewall that don't use my exchange server get their mail from the main campus OpenBSD email server via POP. (the problem) Therefore bypassing my ability to strip there harmful attachments. Matt -Original Message- From: deji [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 11:16 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Then in this case I would say it does not matter whether they POP, PIP, or personally imbibe it, IF your exchange server's AV signature doesn't catch the Virus, the client will get it. All the mails go through your Exchange server. Concentrate your efforts on making your AV work better on the server, and stop worrying about a non-issue. HTH Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 3:35 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA
RE: POP = Bad? -- SMTP = Good?
Okay, so now I understand. But I don't see how you have any choice here since the mail to which you are referring doesn't ever pass through your Exchange Server. If you're asking whether it should, and your users should be allowed to pull it using POP from outside locations, then, given the limitations in your environment, I'd say it's probably the lesser of two evils to allow it. That is, if they can already get into the central Unix mail server and pull using POP from the outside, what's the added risk of exposing your server to the same thing? You could force the use of SSL so that an intruder will attack the easier central mail server target (presuming they allow non-SSL access to POP). Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 8:38 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Ok Im getting tired and its late and I've been here at work since 8:00am. I'm going to try one more time to clear this up. Campus email servers are OpenBSD something or other. They forward mail to my exchange server via SMTP. (not the problem) Users inside my firewall that don't use my exchange server get their mail from the main campus OpenBSD email server via POP. (the problem) Therefore bypassing my ability to strip there harmful attachments. Matt -Original Message- From: deji [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 11:16 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Then in this case I would say it does not matter whether they POP, PIP, or personally imbibe it, IF your exchange server's AV signature doesn't catch the Virus, the client will get it. All the mails go through your Exchange server. Concentrate your efforts on making your AV work better on the server, and stop worrying about a non-issue. HTH Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 3:35 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday
RE: POP = Bad? -- SMTP = Good?
Hi Matt, If I am reading this right, the OpenBSD servers selectively (dependant upon account) forward some of the mail to your Exchange system and retain the rest for POP collection? The users with POP email programs then bypass any perimeter security you have implemented by collecting direct from the OpenBSD server that has not stripped attachments. All users that can communicate with the Exchange system do so, and by doing so only collect mail that has had sensitive attachments stripped. If this is the case, why not do the following:- Create accounts for all your users on your Exchange system and arrange for all mail to be forwarded by SMTP. Close POP at the firewall to prevent abuse. To allow those users that 'must' continue to use POP to collect their mail, enable POP collection from your Exchange server. The result is - You are fully protected, as all mail has attachments stripped, and the users are happy as they have not had to change their methods of mail retrieval. Nick -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: 13 June 2003 04:38 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Ok Im getting tired and its late and I've been here at work since 8:00am. I'm going to try one more time to clear this up. Campus email servers are OpenBSD something or other. They forward mail to my exchange server via SMTP. (not the problem) Users inside my firewall that don't use my exchange server get their mail from the main campus OpenBSD email server via POP. (the problem) Therefore bypassing my ability to strip there harmful attachments. Matt -Original Message- From: deji [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 11:16 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Then in this case I would say it does not matter whether they POP, PIP, or personally imbibe it, IF your exchange server's AV signature doesn't catch the Virus, the client will get it. All the mails go through your Exchange server. Concentrate your efforts on making your AV work better on the server, and stop worrying about a non-issue. HTH Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 3:35 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs
RE: POP = Bad? -- SMTP = Good?
Your thinking is right on the money. If someone POPs their mail to a local PC and opens a virus, chances are that virus is going to head straight for the user OL contacts or the GAL. No way do we allow POP mail access. -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 10:52 AM To: Exchange Discussions List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
We block POP access as we have an SMTP gateway scanner scanning for virus's and spam. -Ryan N. Ryan Fennema, MCSE Network Administrator X-Rite Incorporated - Grandville, MI Phone: (616) 257-2165 Fax: (616) 257-2165 [EMAIL PROTECTED] www.XRite.com -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
Depends on your company and what they need. Here: If it's E-Mail and if it does pass thru my Trend box first then to my Exchange box I don't allow it...Yes that includes Web based e-mail accounts too...I block all that too... IM blocked toomost downloading also...my list goes on but that's just here...I've been other place where its a free for alldepends on the company.. if they don't think of it as job security 0.02 bill -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
Thanks for all the replies. Death to POP!!! (evil laugh Ha. Ha. Ha. .) Matt -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:56 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Your thinking is right on the money. If someone POPs their mail to a local PC and opens a virus, chances are that virus is going to head straight for the user OL contacts or the GAL. No way do we allow POP mail access. -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 10:52 AM To: Exchange Discussions List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
[bad grade-school joke] Q: What goes, Ha ha ha...plop, Ha ha ha...plop, Ha ha ha...plop? A: Someone laughing their head off! [\bad grade-school joke] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 12:50 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Thanks for all the replies. Death to POP!!! (evil laugh Ha. Ha. Ha. .) Matt -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:56 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Your thinking is right on the money. If someone POPs their mail to a local PC and opens a virus, chances are that virus is going to head straight for the user OL contacts or the GAL. No way do we allow POP mail access. -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 10:52 AM To: Exchange Discussions List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
We allow pop, but utilize sendmail for SMTP. Then we have a service for spam and virus protection, and then we have virus protection on the server as well. Does that help at all? John Parker, MCSE IS Admin. Senior Technical Specialist Digital Display Systems. Alpha Video Be excellent to each other ---End of Line--- _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode= lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode= lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: POP = Bad? -- SMTP = Good?
Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode= lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe
RE: POP = Bad? -- SMTP = Good?
I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other company do? Is there some other way to secure incoming POP mail? Matt _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode= lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource
RE: POP = Bad? -- SMTP = Good?
The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List, This might be more appropriate for a firewall/security list but it involves email and I don't belong to one of those yet so I'll post my question here. I'm curious as to how many of your companies allow internal clients to access POP mail externally. The reason I'm asking is because I see POP mail as security risk. Let me explain. Our firewall strips all but a few attachments from our incoming SMTP email. With POP however attachments cannot be striped leaving a hole for new virus that aren't detectable yet by our virus software. I'm going to try to talk management into letting me block POP. Is blocking incoming POP something other
RE: POP = Bad? -- SMTP = Good?
That clarifies it, and I know it is difficult to do the right thing when supporting a University. So you *were* talking about staff POPping your mail from the Exchange server. Eat that, Ed! [1] You may be able to propose a compromise: - All SMTP mail must be delivered to the Exchange server and be AV scanned. - Disallow file types that are commonly used to send virusesiises. The Martin Blackstone list in Appendix F of the FAQ may help here. Can I assume that if these people are using University computers, they have University-installed and -managed AV software running on them? That may also mitigate the virus risk and provide another level of protection. - Allow IMAP instead of POP? [1] Totally kidding!! -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 6:35 PM To: Exchange Discussions The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some
RE: POP = Bad? -- SMTP = Good?
Didn't he say that everyone downloads from his Exchange server? Then what's the problem? All mail comes to the Exchange server first, right? Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 3:44 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? That clarifies it, and I know it is difficult to do the right thing when supporting a University. So you *were* talking about staff POPping your mail from the Exchange server. Eat that, Ed! [1] You may be able to propose a compromise: - All SMTP mail must be delivered to the Exchange server and be AV scanned. - Disallow file types that are commonly used to send virusesiises. The Martin Blackstone list in Appendix F of the FAQ may help here. Can I assume that if these people are using University computers, they have University-installed and -managed AV software running on them? That may also mitigate the virus risk and provide another level of protection. - Allow IMAP instead of POP? [1] Totally kidding!! -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 6:35 PM To: Exchange Discussions The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt
RE: POP = Bad? -- SMTP = Good?
Then in this case I would say it does not matter whether they POP, PIP, or personally imbibe it, IF your exchange server's AV signature doesn't catch the Virus, the client will get it. All the mails go through your Exchange server. Concentrate your efforts on making your AV work better on the server, and stop worrying about a non-issue. HTH Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 3:35 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day all their email is gone. Now you could restore from backup which = man-hours or you could have the guy bring in his machine and copy all the data from it which = man hours. However if you are running Exchange this Marketing guy could have accessed via OWA or VPN, or even if you were not using Exchange VPN or some 3rd Party web tool.. In other words Pop = Bad Joshua Joshua Morgan Email: [EMAIL PROTECTED] -Original Message- From: Matt Plahtinsky [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:52 PM To: Exchange Discussions Subject: POP = Bad? -- SMTP = Good? List
RE: POP = Bad? -- SMTP = Good?
Ok Im getting tired and its late and I've been here at work since 8:00am. I'm going to try one more time to clear this up. Campus email servers are OpenBSD something or other. They forward mail to my exchange server via SMTP. (not the problem) Users inside my firewall that don't use my exchange server get their mail from the main campus OpenBSD email server via POP. (the problem) Therefore bypassing my ability to strip there harmful attachments. Matt -Original Message- From: deji [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 11:16 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Then in this case I would say it does not matter whether they POP, PIP, or personally imbibe it, IF your exchange server's AV signature doesn't catch the Virus, the client will get it. All the mails go through your Exchange server. Concentrate your efforts on making your AV work better on the server, and stop worrying about a non-issue. HTH Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Plahtinsky Sent: Thursday, June 12, 2003 3:35 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? The reason I asked the original question is because I work at a .EDU All mail goes to a [EMAIL PROTECTED] address on a central campus server. From there people either have their mail forwarded to their department mail server like [EMAIL PROTECTED] (my exchange server) address or use POP to down load their mail from the campus server. I have been trying to get management to force everyone to go through my exchange server so my firewall can strip all those bad attachment types. As it is a virus can sneak into my network with an attachment through POP. All my anti-virus software is set to update daily but if a new virus is able to make it in via POP before my anti-virus software updates. BAM lots and lots of work :( Matt -Original Message- From: Durkee, Peter [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 5:32 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? I think the original question must have related to POPing out for personal mail, because otherwise the normal attachment stripping would occur. Clearly if you're just popping into your regular Exchange mailbox, you're just as protected from viruses as you are accessing it any other way. -Peter -Original Message- From: Erik Sojka [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 14:04 To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Allowing employees to POP personal mail? Hmmm I didn't see that in the question but it's als a bad idea... -Original Message- From: Ed Crowley [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 4:46 PM To: Exchange Discussions I believe the question here was specifically whether to allow internal POP clients to pull their mail (personal, presumably) from outside sources. To that, I would agree it is a very poor idea to allow that. As to whether to allow POP usage from outside, I would also agree that allowing it is a poor idea, but there are ways to make it not so poor. Even though it is primative, POP is still a protocol that is necessary for clients running on non-Windows platforms. You can configure Exchange 2000 to support only POP with SSL, somewhat reducing the vulnerability, or, better yet, allow it only through a VPN. Still, I would be encouraging such users to try to use IMAP instead, but it is not without its risks as well. Ed Crowley MCSE+Internet MVP Freelance E-Mail Philosopher Protecting the world from PSTs and Bricked Backups!T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Thursday, June 12, 2003 1:09 PM To: Exchange Discussions Subject: RE: POP = Bad? -- SMTP = Good? Mmmm. Man hours. Presumably since you are posting to an Exchange list, you are running Exchange. If you just want a POP server you have wasted your money. If remote access is an issue, set up OWA. If virusesiises are an issue, run AV software on your Exchange boxes. -Original Message- From: Joshua R. Morgan [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 1:58 PM To: Exchange Discussions I agree with you from a Security Standpoint that POP has certain risks, but maybe a better topic for management is the additional headache POP is from a support standpoint.. Imagine if you will a Marketing person gets a new machine at home, this person sets up outlook to download via POP3, instead of choosing to leave the messages on the server they opt to download everything and remove (could be a simple mistake) however when they come into work the next day