RE: Question on article: Using Mail Relays to Enhance Exchange Security
- From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Wed, 19 May 2004 23:06:20 -0700
Answers in-line.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-----Original Message-----
From: Johnny Yeo [mailto:johnny@xxxxxxxxxx]
Sent: Wednesday, May 19, 2004 7:49 PM
To: [ExchangeList]
Subject: [exchangelist] Question on article: Using Mail Relays to Enhance
Exchange Security
Hi All,
This is my first time using MSExchange.org Email Discussion List. I hope I
do it right ;)
I have a few questions with regards to the article: Using Mail Relays to
Enhance Exchange Security
1. Don't forget the mail relay! Make sure that you secure the mail relay
as much possible, install new security related patches, etc. One of the
perks of having a mail relay is that you can reboot it more often than you
could an Exchange Mailbox server.
Linux is no more secure than Windows and more difficult to manage, so make
sure you have the knowledge to handle it if you choose Linux as your
solution.
* From the article I understand that my mail relay server is placed in
the DMZ while my Exchange 2003 server is placed in trusted zone. Assuming
that the MX record is pointing only to the mail relay server, what will
happen to my e-mails when I reboot the mail relay server?
According to RFC, the sending mail server tries to connect to the MX record
of the receiving domain. If it can not connect to one, it should retry for
at least 24 hours, normally 48 hours, unless it receives a reason not to
retry.
2. Don't over-do your junk e-mail detection or you'll be fishing out
deleted e-mails from your mail relay forever. Better choose a solution that
blocks some junk mail at the mail relay level, and the rest at the server
level, delivering suspected mail to a folder in the users' mailbox.
* Ok
3. Using a different anti-virus at the mail relay level than the one you
use internally can lessen the chances of infections.
* Ok
4. Usually backing up mail relays is not really required but when your
Exchange server is unavailable due to maintenance, internal virus outbreak
or a Firewall problem you should be able to backup your mail relay so that a
sudden crash doesn't take all your mail away.
* Ok
5. Monitor your mail relay queue to find out if there is a problem sooner
rather then later.
* Possible problem could be: Mail being relayed to other domain?
More likely incoming spam to non-existent uses.
6. If you have POP3/SMTP clients, use the mail relay as an outgoing mail
server instead of Exchange. This allows you to uncheck the SMTP
authentication checkbox of the Exchange SMTP virtual server Relay options
that is used by Trojan attacks.
Trojans hijack username and password on workstations using various methods.
They use this information to authenticate to the Exchange SMTP virtual
server. Then they spoof the mail so that it appears as if it is coming from
a valid IP for a large Internet E-mail supplier. However if you uncheck this
option regular SMTP clients that you might find in most large enterprises
such (For example, UNIX and Mac clients) will not be able to use Exchange to
send mail. This quite alright as your mail relay can be configured for this
purpose.
* The mail relay server that I used is from Trend Micro. Specifically,
I am using the Viruswall to relay the mails to my domain which is
Delteq.biz. When my POP3/SMTP clients points to Delteq.biz as an outgoing
server, they only can deliver mail to Delteq.biz domain, but not external
domain. Is there a workaround on this matter?
Not sure how you have it set up, but your users should be configured to use
Exchange for outgoing, contrary to what that paragraph says. While it theory
it presents a good point, there are other methods of protection, such as
scanning of all incoming and outgoing messages for spam and virus.
Thanks in advance!
Regards,
Johnny Yeo
Malaysia
Other related posts:
