RE: FYI: 10 ways to secure your Windows-based SMTP relays - TechRepublic

  • From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 14 Dec 2005 13:59:57 -0800

Right on... I don't have access to that article apparently, so I just wanted to make sure I got a good bite before chewing.

-----
"God is a comedian playing to an
audience too afraid to laugh."


----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 14, 2005 1:47 PM
Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based SMTP relays - TechRepublic



http://www.ISAserver.org

One gateway is used for anonymous connections inbound from Internet SMTP
servers.

The other gateway is used by authenticated users, over a TLS encrypted
channel, as a relay to other mail domains. If your scenario doesn't
require that external users have access to an SMTP server that can relay
to external mail domains, then you don't need it. My goal is to split off
all servers that allow anonymous inbound connections away from all other
servers.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Wednesday, December 14, 2005 3:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: 10 ways to secure your
Windows-based SMTP relays - TechRepublic

http://www.ISAserver.org

What's the core reason for 2 gateways (one in, one out)??

t

-----
"God is a comedian playing to an
audience too afraid to laugh."


----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 14, 2005 10:43 AM
Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based SMTP
relays - TechRepublic



http://www.ISAserver.org

If you end up eating crow, I'll send you some pate de foie gras to chase
it down with. I think it would make an interesting article and I'll throw
you in for the appropriate props.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Wednesday, December 14, 2005 12:38 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: FYI: 10 ways to secure your
> Windows-based SMTP relays - TechRepublic
>
> http://www.ISAserver.org
>
> Yep-- will do... The next step for me is to go back to an SMTP connector
> (rather than the simple smart-host delivery from the SMTP Virtual Server)
> and check it all out in real life. Being able to apply the SMTP filter on
> the *outbound* access rule is really quite kewl: between that and the
> authentication mechanisms, I may end up with a mouthful of crow and my
> opinion reversed ;)
>
> t
>
> -----
> "God is a comedian playing to an
> audience too afraid to laugh."
>
>
> ----- Original Message -----
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, December 14, 2005 10:21 AM
> Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based SMTP
> relays - TechRepublic
>
>
> http://www.ISAserver.org
>
> Hi Tim,
>
> OK, thanks for telling me. Ask Jim about how temperamental I get around
> Christmas, so I'm sure it took it the wrong way.
>
> I'm glad you're giving the idea another chance; it seems like an
> interesting solution and I spent several hours trolling the Web trying
> to find out how to create the SMTP connector to make it work, and then
> configure the appropriate ISA firewall configuration and do the NetMon
> traces to figure out how ATRN worked.
>
> Me not being a security guy by temperament or orientation (Debi is a
> security 'guy' and we always have arguments over ISA -- I call ISA an
> access control device and Debi says it's a security device and I say
> there's a difference between security and access control and Debi says
> that access control is a subset of security and we never end up
> agreeing) all I have is a "feeling" that ATRN could be useful in a
> strong perimeterization scheme.
>
> It would be great if you can leave the ATRN idea in the brainpain and keep
> the heat up. I'd be really interested in your final analysis.
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, December 14, 2005 11:48 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: FYI: 10 ways to secure your
> > Windows-based SMTP relays - TechRepublic
> >
> > http://www.ISAserver.org
> >
> > I didn't take it like that at all-- it's just that I've been thinking about
> > this solution, and I'm wavering a bit back and forth now; well, specifically
> > with regard to Exchange and IIS-SMTP based solutions, anyway... Now that my
> > SMTP gateways in my DMZ are back to IIS-SMTP (I just replaced Trend IMSS
> > with GFI in the DMZ - IMSS had its own SMTP engine) the Microsoft
> > authentication mechanisms available make this a more compelling option. I
> > think I was wrong to denounce it entirely - and I think Jim's analogy to my
> > "outbound SQL replication" methods are more applicable than I thought.... I
> > just want to make sure that my "thinking I know what I'm doing" doesn't get
> > in the way of me actually learning something ;)
> >
> > t
> >
> > -----
> > "God is a comedian playing to an
> > audience too afraid to laugh."
> >
> >
> > ----- Original Message -----
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, December 13, 2005 5:55 PM
> > Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based SMTP
> > relays - TechRepublic
> >
> >
> > http://www.ISAserver.org
> >
> > Hey Grand Master T,
> >
> > I was just funnin' ya.
> >
> > The trigger schedule, auth, etc. is set by the SMTP Connector configured on
> > the Exchange Server for the domains you want to grab.
> >
> > Merry Christmas
> >
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Tuesday, December 13, 2005 7:41 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: FYI: 10 ways to secure your
> > > Windows-based SMTP relays - TechRepublic
> > >
> > > http://www.ISAserver.org
> > >
> > > Well, I didn't say "dumb thing," I just questioned its real value-- lemme
> > > ask; how do you specify when the ATRN command runs? How do you manage how the
> > > internal mail server knows to go out and get the data?
> > >
> > > t
> > >
> > > -----
> > > "God is a comedian playing to an
> > > audience too afraid to laugh."
> > >
> > >
> > > ----- Original Message -----
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Tuesday, December 13, 2005 5:32 PM
> > > Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based SMTP
> > > relays - TechRepublic
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > I said I wanted to, but Tor said it was a dumb thing.
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Tuesday, December 13, 2005 6:27 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: FYI: 10 ways to secure your
> > > > Windows-based SMTP relays - TechRepublic
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > You didn't list ATRN on that list, did you??
> > > >
> > > > -----
> > > > "God is a comedian playing to an
> > > > audience too afraid to laugh."
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Tuesday, December 13, 2005 4:16 PM
> > > > Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based SMTP
> > > > relays - TechRepublic
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Greg,
> > > >
> > > > thanks! :)
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org <http://www.isaserver.org/>
> > > > Blog: http://spaces.msn.com/members/drisa/
> > > > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> > > > MVP -- ISA Firewalls
> > > > **Who is John Galt?**
> > > >
> > > >
> > > >
> > > >
> > > > ________________________________
> > > >
> > > > From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx]
> > > > Sent: Tuesday, December 13, 2005 5:54 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: FYI: 10 ways to secure your Windows-based
> > > > SMTP relays - TechRepublic
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hey Tom
> > > >
> > > > Folks will need a TechRepublic login to view that. Although
> > > > they are free I'm not sure everyone has that at the ready. But
> > > > you got a top rating from me!
> > > >
> > > > Greg Mulholland
> > > >
> > > > ________________________________
> > > >
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Wed 14/12/2005 10:37 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] FYI: 10 ways to secure your Windows-based
> > > > SMTP relays - TechRepublic
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > 10 ways to secure your Windows-based SMTP relays - TechRepublic:
> > > > http://techrepublic.com.com/5138-1009-5991903.html?part=rss&tag=feed&subj=tr
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: greg@xxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > ------------------------------------------------------