One other thing- current industry Best Practices suggest one of the
following for your Exchange server, in the order of which is considered
best in terms of performance and security;
a) It have a single NIC, with a private IP address; a router,
firewall or other device with a public IP forwards SMTP (TCP
port 25) traffic to that server's internal IP.
Outbound SMTP goes through some Network Address Translation
(NAT) device just like other traffic.
Only internal clients (and remote dial-in or VPN clients) can
access the Exchange server using a MAPI client (such as Outlook).
Sometimes POP, IMAP and/or HTTP traffic from the outside will
also be forwarded, but this opens up more holes, and is usually
not done.
b) It has two NIC's; one with a public IP, and the other with a
private IP. The public IP has strict filters in place, and NetBIOS
completely disabled.
c) It has a single NIC, with a public IP. Because this NIC MUST
service MAPI and NetBIOS calls, all IP traffic gets filtered by a
router or firewall.
Many sites not only use private IP and SMTP forwarding to their Exchange
server, many also use an SMTP AntiVirus and/or spam scanner as a front-end
for their Exchange server.
I'm a Principle Consultant for Dell Professional Services, and a Senior
Consultant for Collective Technologies; I've seen a million ways to abuse
your network and messaging systems... anonymous relay is still one of the
most common issues I encounter at client sites!
----- Original Message -----
From: "Eric E. Osterholm" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 25, 2002 9:54 PM
Subject: Re: [WhatsUp Forum] Open Relay
> You can set your Exchange server to open relay for a particular subnet,
> but require authentication for all other subnets. This setting exists
> in both the 5.5 and 2000 versions of Exchange, but are set in different
> dialog boxes. Check your help system for details.
>
> You might want to consider installing IIS's SMTP service on the WUG
> server, and use it to relay...
>
> ----- Original Message -----
> From: "Tim Dougherty" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, September 25, 2002 7:18 PM
> Subject: [WhatsUp Forum] Open Relay
>
> > I am having some problems with the email notification in version 6.03.
> > It appears I need to have Open Relay "On" my exchange server in order
> > for the email notification to go out. I have WhatsupGold on a separate
> > server. Is there a way to accomplish an email notification while having
> > Open Relay disabled. The reason for the problem is that I believe our
> > site is being used for SPAM.
> >
> > Thanks for any Help
> > Tim Dougherty
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
