* Ruprecht Helms wrote on Wed, Nov 27, 2002 at 13:50 +0100:
Can you please explain that? I happily block tcp/25 on all servers except mailservers.
That is ok.
Thank you.
I meant that you have blocked it on the central firewall.
I think it's my choice where I block unwanted packets. You wrote:
to deny port 25 (smtp) is not a good idea.
I did not understand that this was meant as "You have to block port 25 on the central firewall.", sorry.
dial-up. If you have a mailserver in your DMZ you can disable pop3 to outside.
And if I have a POP3 server in the LAN I cannot block?!
I don't think so, or we are talking about different things. I wrote to block to outside and not to your internal LAN.
It does not depend on the location of the POP3 server. You can and should block POP3 for anything you don't want; if you have no external clients, you can block it completely, no matter if the server resides in the DMZ or wherever.
If you have the POP3 server in your DMZ, then you enable it for use from inside, but block it to outside.
Ohh, I see, you suggest allowing the service for the internal permitted sources. Yes, of course, I thought this was clear.
The only reason to open the POP3 server for use from outside is that your company has employees who deal with customers, make a lot of visits to customers, and need to read the company mail every time.
Well, if you have no other chance... I would prefer to set up another POP3 server or use one from some ISP.

oki,

Steffen

--
This letter was generated by machine and therefore bears neither a signature nor a seal.