Security Basics mailing list archives
Question about "guaranteed delivery"
From: "meaculpa" <meaculpa () punkass com>
Date: Tue, 7 Sep 2004 17:43:24 +0200
Hi all, probably will be a long story, but pls, if you know of a product that could do this, pls let me (and the list) know. Currently we have a three-layered network, separated by firewalls (FW-DMW-FW-BE-FW-Internal). All networks are also divided in VLAN's. In the DMZ we have multiple SMTP servers to send/receive mail from the Internet/Other agencies/Private networks). ALL messages go to the BE network for decryption and content scanning. When content is considered safe, the message will be forwarded to other systems in the BE of Internal network and then processes by either scripts, e-mail clients or production processes. For outbould mail we use several Exchange servers that forward the SMTP messages to the content scanning devices. As you can imagine chanes of failures are big, they happen and e-mails and/or data gets lost. I was thinking. It must be possible to place a box in the DMZ that receives ALL SMTP messages inbound, does content scanning/decryption, sends the message to the same kind of box in the BE, checks if the message came through and then delivers the message to the endpoint. The checks as decryption/content scanning can be offloaded to other boxes if needed. I know there are proxy server out there (Blue Coat amongst others) that can do this with HTTP and the content scanning gets offloaded to other boxes via some sort of plugin solution. What we need in short is some sort of black box/software solution/method to receive e-mail and be able to guarantee the delivery to our own boxes on the DMZ, BE and Internal networks. For outbound messages we need to be able to guarantee that the outbound message got sent away. Wether it reaches it's endpoint is of no real concern since that could be solved with S/MIME (I think). Of course we need to be able to know what messages did not got delivered, why if possible and some sort of method to reprocess the message or do some sort of manual delivery. Thank you for any and all answers. Mea --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
Current thread:
- Question about "guaranteed delivery" meaculpa (Sep 07)
- <Possible follow-ups>
- RE: Question about "guaranteed delivery" Jose Enrique Diaz Jolly (Sep 08)
- RE: Question about "guaranteed delivery" Michael Bellears (Sep 09)