Hi Steffen Dettmer,
Can you please explain that? I happily block tcp/25 on all servers except mailservers.
that is ok.
Thank you.
I meant that you have blocked it on the central firewall.
Sorry, I thought.
I think it's my choice where I block unwanted packets. You wrote:
Of course we all are free in doing.
To deny port 25 (SMTP) is not a good idea.
I did not understand that this was meant as "You have to block port 25 on the central firewall.", sorry.
I mean that port must be enabled. That is a double no in the sentence. Look above you wrote - so I mean, but I thought that you have done with by setting a central rule.
[...]
There is a way if you have a POP3 server and want to make it available to the inside and to the outside. I have forgotten the problem of the unroutable IP addresses in the LAN (the normal way when using a firewall). In this case you can use a POP3 proxy. For example, you have an Exchange server (it wants to be a PDC or BDC) in your company that is placed in your LAN, so you have to move the mails into the LAN. For security reasons, I myself don't like an NT or W2K domain that is routed through a firewall. I prefer to put the above-mentioned proxy in the DMZ, which forwards mails (SMTP server) to the MS Exchange, and build a door to your internal POP3 server (MS Exchange). Such a software is Sambar (http://www.sambar.com) - that is different from the file server Samba. To run Sambar you need Windows.

Regards,
Ruprecht