RE: SMTP Filter STARTTLS Issue
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 9 Jan 2003 19:24:42 -0600
Hi Tim,
I believe they did know that it didn't work. But you know how allocation
of resources goes. Need to triage things, and things like support for
SecurID, link translation, OWA Wizard support, outbound RPC and inbound
RPC encryption enforcement were more popular requests among their
customers. I agree that support for secure SMTP would be great,
especially now that SMTP auth is supported. But you seemed to be the
only one who said anything about it in the last couple of years (in a
public forum), and I guess not too many partners mentioned this either.
I agree that a fix for this would be an ideal candidate for a hotfix or
next SP.
Tom
-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Thursday, January 09, 2003 11:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SMTP Filter STARTTLS Issue
http://www.ISAserver.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 08:20 AM 1/9/2003, you wrote:
>http://www.ISAserver.org
>
>
>Hi Edward,
>
>Really? I was asked about this feature and how popular it is. I
searched
>the mailing list archives (since I know it never appeared on the Web
>site), and there was a single small thread almost two years ago.
Because
>of that, I figured it wasn't something anyone was interested in! If a
>feature is missing or broken, let someone know, let everyone know.
>Squeaky wheels get greased more often :-)
It was probably mine... I remember asking about the STARTTLS a while
back...
I would agree that it is probably a little used feature- as Secure SMTP
is
a little used feature in the first place- I can see the combination of
SMTPS with the ISA SMTP filter is probably something that very few
people
have ever tried to use... But hey, the filter has STARTTLS in it, so it
should support it. It should have been tested thoroughly. In fact, it
kind of worries me that a command is in there and supported, but it was
obviously never tested. What else was never tested? I mean, here we
are
with ISA + SP1 + FP1 and it still doesn't work.
I guess it could have been tested and found to be broken but ignored,
which
to me is just as bad, you know?
What bothers me more than anything is that this specifically breaks a
security measure. I can understand the NOOP length issue- that is just
a
setting. I would have liked to have seen the default length changed in
FP1, but no biggie. The reality is that if I want to use the SMTP
filter,
I can't secure my SMTP traffic. Blah!
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPh2vFIhsmyD15h5gEQJt+ACg/Zrarf/Csoa7QqbOZuTmhfQJ6pUAn2Ac
vlR3yJIT3du8uZcgs6swI4iI
=ZW8Z
-----END PGP SIGNATURE-----
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
