On Tuesday 04 December 2001 10:49 pm, you wrote:
> I'm new to Exchange 2000 and I know this is probably an easy question for
> everyone but I was wondering how to block certain attachments (filenames) in
> Exchange 2000.  I would like to have it such that files are stripped out of
> emails before they reach end users.  Can you help?
>
> Thanks, GP

 This may sound presumptuous, but at least take it into consideration:

 DO NOT use Exchange as a SERIOUS mail server. I love that thing for SOME of 
its features: It's easy to use, nice to manage contacts, schedule 
appointments, share data, etc....  

 BUT!, it's everything except a mail server for running on the internet LIVE. 
Win 2K AS IS is low on security, but when you add stuff like M$ made servers 
it turns into a disaster. What I would STRONGLY suggest is:

 - Use a firewall if you aren't already using one. Cisco PIX is GREAT stuff, 
if you have it, and there are some others that can do the job for you rather 
nicely. If you don't have one try getting an old Pentium/32MB RAM class machine 
and setting it up as a firewall. Easiest way is to use Linux, preferably with 
2.2.x series kernel, plus openwall patches. Add nice ipchains rules and 
you'll have a pretty secure server. And one tip: use a sys v distro - like 
Debian or Red Hat and run it in runlevel 2 (without network), and then 
manually bring up only the stuff you need: basically it's just the network, 
with NO DAEMONS running (not even - or more precisely - NO inetd), plus 
maybe sshd.

 - Get an external e-mail server running qmail in a DMZ - outside the 
firewall, and get Exchange to pick up the mail from there. You can use a 
similar class machine for this also. If you want you may even add an Apache 
server for your web here. Once you've done this you can easily use procmail 
to filter the mail, or even install some antivirus software on it. 

 This sounds like a lot of work, and it is, but it will make a LARGE 
increase in your security. To be exact, with this kind of setup you will be 
very tightly protected on all of your computers behind the firewall (they of 
course running in IP masquerade), and they will be able to access the 
internet as easily as they do now. 

 Yeah, you may also consider some sort of firewall software like ZoneAlarm 
on your Windows clients inside the network. Just in case you do get a 
trojan... ;)

 Regards, 
 Nikola
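
The filename-based stripping asked about above, done on the relay before Exchange picks the mail up, as an added example that is not part of the original message: a filter that reads one message on stdin and writes it back with blocked attachments replaced by a notice. The extension list, the notice text and the function names are assumptions made for illustration.

```python
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the thread names no specific extensions.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr", ".pif", ".bat", ".com"}

def is_blocked(filename):
    """True if the attachment name ends in a blocked extension."""
    if not filename:
        return False
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as x.exe.
    name = filename.strip().rstrip(". ").lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)

def strip_attachments(raw_bytes):
    """Return (filtered message bytes, list of removed filenames)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    def walk(part):
        if not part.is_multipart():
            return
        kept = []
        for child in part.get_payload():
            fname = child.get_filename()  # Content-Disposition, else Content-Type name
            if is_blocked(fname):
                removed.append(fname)
                notice = EmailMessage()
                notice.set_content("Attachment %r was removed by the mail relay.\n" % fname)
                kept.append(notice)
            else:
                walk(child)  # descend into nested multiparts and forwarded messages
                kept.append(child)
        part.set_payload(kept)
    walk(msg)
    return msg.as_bytes(), removed

def constructed_sample():
    """Constructed test message: one blocked and one allowed attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"MsgBox 1", maintype="application", subtype="octet-stream", filename="invoice.txt.vbs")
    m.add_attachment(b"plain notes", maintype="application", subtype="octet-stream", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    out, removed_names = strip_attachments(sys.stdin.buffer.read())
    sys.stdout.buffer.write(out)
```

Matching on the name alone does not catch a renamed executable or one inside an archive, so it complements the antivirus scan on the relay rather than replacing it.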
