You will also need to set the Relay for Addresses so that you only relay for IP addresses from your local network to avoid being an open SPAM relay (if you haven't already).

Also if you run IIS on your server you need to keep an eye on the latest MS security updates.

Steve

Steven Moore Internet Development Engineer Research Machines +44 1235 823522

> -----Original Message----- > From: IMail_Forum-owner@list.ipswitch.com > [mailto:IMail_Forum-owner@list.ipswitch.com]On Behalf Of Pau > Ruiz Pérez > Sent: 10 May 2001 13:19 > To: IMail_Forum@list.ipswitch.com > Subject: RE: [IMail Forum] Security & Imail v6.0.9 > > > If you've got service to service NAT, (SMTP-25, HTTP-80, > POP3-110, ...), > you're configuration is OK and there's nothing you can do to > except upgrade > to the last release (6.06 with all the sub-patches), to > prevent some DOS > attack that are corrected in these releases, and some bugs > solved (I think > you should) > The patches to install are the 6.06, 6.06-SVS, ... In the > download page > of the Imail explain the order you've to install them > > If the NAT is IP to IP, you're in a problem, your > Netbios-139 are visible > to the outside world, and anybody could try to do: NET USE \\IP\SHARE, that NT, by default have some... On any other service running on your Imail machine will happen the same (ftp, ...)

If you've got only one server, I don't think necessary to create a DMZ for the machine. (To do this OK you've to put another network adapter on your firewall), it can be difficult in some cases the firewall is a black box with 2 network adapters configured via web.

Hope this helps

Pau

-----Original Message----- From: IMail_Forum-owner@list.ipswitch.com [mailto:IMail_Forum-owner@list.ipswitch.com]On Behalf Of Andrew SNOWDEN Sent: jueves 10 de mayo de 2001 13:17 To: Imail Subject: [IMail Forum] Security & Imail v6.0.9

We have the bulk standard installation of Imail on an NT Server that sits behind our firewall with a one-to-one NAT allowing web access from the Internet.

Question 1

Are there any security loop holes? And if so, does anyone have a complete list of any additional patches we should apply?

Question 2

Should our server be in a DMZ or is it ok as it is?

Thanks

Andrew Snowden, ICT Co-ordinator, Cheadle Hulme School, UK.

Visit our website at http://www.rm.com

Standard Disclaimer:This message is confidential. You should not copy it or disclose its contents to anyone. You may use and apply the information only for the intended purpose. Internet communications are not secure and therefore RM does not accept legal responsibility for the contents of this message. Any views or opinions presented are only those of the author and not those of RM. If this email has come to you in error please delete it and any attachments. Please note that RM may intercept incoming and outgoing e-mail communications.