Firewall Wizards mailing list archives

Re: Exchange Server 2000 and Cisco Pix


From: Curt Wilson <netw3 () netw3 com>
Date: Wed, 23 May 2001 23:44:51 -0500


Christoph,

I think this may be referring to the mailguard feature,
which is a basic SMTP proxy for the PIX. I think this
is automatically enabled through the fixup smtp command,
but I could be wrong. If you do use mailguard, make sure
to have the patches in place for the vulnerability that
came out several months ago that allowed attackers to
bypass the mailguard with invalid characters.

I suppose you could remove the fixup smtp and just
set a standard conduit/ACL, but then your Exchange
box is no longer protected by mailguard.

Not a bad idea to set up a hardened relay host between the
PIX and the Exchange server with specific ACLs/conduits
for all sides of the connection.

Curt Wilson
GCFW, GSEC, ISS
netw3 consulting


From: Christoph Puetz <puetzc () yahoo com>
Reply-To: puetz () mho net
To: firewall-wizards () nfr com
Subject: [fw-wiz] Exchange Server 2000 and Cisco Pix

Hello wizards,

I have a newly installed Exchange Server 2000 behind
my Pix and did receive an error from a mail client
when trying to connect to the Exchange server.
Microsoft refers to Cisco without really being
specific - at least I could not find the solution at
Cisco's web page. Does anyone here know what I have to do?




=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
| Curt R. Wilson   *   Netw3 Consulting  *   www.netw3.com    |
|    Internet Security, Networking, PC tech,  WWW hosting     |
| Netw3 Security Reading Room : www.netw3.com/documents.html  |
|  Serving Southern Illinois locally and the world virtually  |  
|            netw3 () netw3 com     618-303-NET3                 |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

