Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Steffen Dettmer (steffen_at_dett.de)
Date: Thu Nov 28 2002 - 04:29:53 CST
* Ruprecht Helms wrote on Wed, Nov 27, 2002 at 13:50 +0100:
> > Can you please explain that? I happily block tcp/25 on all
> > servers except mailservers.
> that is ok.
> I ment that you have blocked it on the central firewall.
I think it's my choice where I block unwanted packets. You wrote:
> > to denie port 25 (smtp) is not a good idea.
I did not understood that this was meant as "You have to block
port 25 on the central firewall.", sorry.
> > > dial-up. If you have a mailserver in your DMZ
> > > you can disable pop3 to outside.
> > And if I have a POP3 server in the LAN I cannot block?!
> I don't think so or we talk about different. I wrote to block to
> outside and not to your internal LAN.
I does not depends of the location of the POP3 server. You can
and should block POP3 for anything you don't want, if you have no
external clients, you can block it completly, no matter if the
server resides in DMZ or where ever.
> If you have the POP3-Server in your DMZ than you enable it to
> use from inside, but block it to outside.
Ohh, I see, you suggest to allow the service for the internal
permitted sources. Yes, of course, I though this is clear.
> The only reason to give the using of the pop3-server free to
> use from outside is than your company have employees that have
> to do with customers and make a lots of visits by the customers
> and need to read everytime the companymails.
Well, if you have no other chance... I would prefere to set up
another POP3 server or use one from some ISP.
-- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to securitysuse.de, not here