Question on article: Using Mail Relays to Enhance Exchange Security

  • From: "Johnny Yeo" <johnny@xxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 10:49:24 +0800

Hi All,
 
This is my first time using the MSExchange.org Email Discussion List. I hope
I do it right ;)
 
I have a few questions with regard to the article: Using Mail Relays to
Enhance Exchange Security
 
 
1. Don't forget the mail relay! Make sure that you secure the mail
relay as much as possible, install new security related patches, etc. One
of the perks of having a mail relay is that you can reboot it more often
than you could an Exchange Mailbox server.
Linux is no more secure than Windows and more difficult to manage, so
make sure you have the knowledge to handle it if you choose Linux as
your solution.
* From the article I understand that my mail relay server is
placed in the DMZ while my Exchange 2003 server is placed in the trusted
zone. Assuming that the MX record is pointing only to the mail relay
server, what will happen to my e-mails when I reboot the mail relay
server?
 
2. Don't over-do your junk e-mail detection or you'll be fishing
out deleted e-mails from your mail relay forever. Better choose a
solution that blocks some junk mail at the mail relay level, and the
rest at the server level, delivering suspected mail to a folder in the
users' mailbox.
* Ok
 
3. Using a different anti-virus at the mail relay level than the
one you use internally can lessen the chances of infections.
* Ok
 
4. Usually backing up mail relays is not really required but when
your Exchange server is unavailable due to maintenance, internal virus
outbreak or a Firewall problem you should be able to back up your mail
relay so that a sudden crash doesn't take all your mail away.
* Ok
 
5. Monitor your mail relay queue to find out if there is a problem
sooner rather than later.
* Possible problem could be: Mail being relayed to other
domains?
 
6. If you have POP3/SMTP clients, use the mail relay as an
outgoing mail server instead of Exchange. This allows you to uncheck the
SMTP authentication checkbox of the Exchange SMTP virtual server Relay
options that is used by Trojan attacks.
Trojans hijack username and password on workstations using various
methods. They use this information to authenticate to the Exchange SMTP
virtual server. Then they spoof the mail so that it appears as if it is
coming from a valid IP for a large Internet E-mail supplier. However if
you uncheck this option regular SMTP clients that you might find in most
large enterprises (for example, UNIX and Mac clients) will not be
able to use Exchange to send mail. This is quite alright as your mail relay
can be configured for this purpose.
* The mail relay server that I used is from Trend Micro.
Specifically, I am using the Viruswall to relay the mails to my domain
which is Delteq.biz. When my POP3/SMTP clients point to Delteq.biz as
an outgoing server, they can only deliver mail to the Delteq.biz domain, but
not to external domains. Is there a workaround on this matter?
 
 
Thanks in advance!
 
Regards,
Johnny Yeo
Malaysia
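
A relay that accepts mail for its own domain from anyone but forwards to external domains only for client networks it trusts behaves as described under point 6. The model below is an added example, not part of the original post and not Trend Micro's code; the networks, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample policy (assumptions for illustration only).
LOCAL_DOMAINS = {"delteq.biz"}
RELAY_NETWORKS = ["192.168.10.0/24"]  # internal POP3/SMTP clients allowed to relay


def relay_decision(client_ip, rcpt_to,
                   relay_networks=RELAY_NETWORKS, local_domains=LOCAL_DOMAINS):
    """Return (accept, reason) for one RCPT TO, as a restrictive relay decides it."""
    domain = rcpt_to.rsplit("@", 1)[-1].strip("<> ").lower()
    if domain in local_domains:
        return True, "inbound: recipient is in a local domain"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(n) for n in relay_networks):
        return True, "outbound: client is in a trusted relay network"
    return False, "relay denied: external recipient from untrusted client"


def audit(relay_networks):
    """Flag relay lists that would turn the host into an open relay."""
    findings = []
    for n in relay_networks:
        net = ipaddress.ip_network(n)
        if net.prefixlen == 0:
            findings.append(f"{net}: any address may relay (open relay)")
        elif not net.is_private:
            findings.append(f"{net}: public range may relay, confirm it is yours")
    return findings


if __name__ == "__main__":
    # Constructed sessions: (client IP, RCPT TO)
    sessions = [
        ("203.0.113.25", "user@delteq.biz"),     # Internet host, local recipient
        ("203.0.113.25", "someone@example.com"), # Internet host, external recipient
        ("192.168.10.7", "someone@example.com"), # internal client, external recipient
    ]
    for ip, rcpt in sessions:
        ok, why = relay_decision(ip, rcpt)
        print(f"{ip:15} -> {rcpt:22} {'ACCEPT' if ok else 'REJECT'}  ({why})")
    for finding in audit(RELAY_NETWORKS + ["0.0.0.0/0"]):
        print("AUDIT:", finding)
```
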
 
 
