RE: SMTP behind NAT

["Murda Mcloud" <murdamcloud () bigpond com>]

> > If I force all mail through my smtp server, don't I just make their
problem my problem.

Well, the 'internal' smtp server shouldn't really be sending your mail for
you unless you are an authorized user on that mail server/mail domain-if I
understand exactly what you are asking. If it is allowing unauthorized users
to send any mail whatsoever then in my mind there is something wrong there;
it would basically be like an open relay.
If the smtp server is 'in charge' of mymail.com domain then why should it be
worried about anonymous.com email? 
Do you have an email account that is valid on that internal server?
Perhaps you could ask the admins to setup an outgoing rule allowing access
to those specific smtp servers that you need access to.

Is there a 'free' ;-) wireless connection involved here?



> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Georg Pichler
> > Sent: Monday, May 04, 2009 6:12 AM
> > To: Sebastien MAHIEUX
> > Cc: security-basics () securityfocus com
> > Subject: Re: SMTP behind NAT
> >
> > Hi.
> >
> > My message may have been misunderstood a little. I'm not in a company
> > network
> > or in an otherwise "managed" location. It is the place where I spend most
> > of
> > my spare time.
> > It would be convenient if I could send my mail directly - encrypted of
> > course - via a mailserver of my choice.
> > Apart from load balancing, what is the benefit of blocking this traffic?
> > Mail
> > servers on the web have to decide which mail to block and which one to
> > let
> > through anyway, don't they? If I force all mail through my smtp server,
> > don't
> > I just make their problem my problem.
> >
> > Best Regards,
> > Georg
> >
> > On Friday 01 May 2009 20:08:04 Sebastien MAHIEUX wrote:
> > > Hi Georg,
> > >
> > > The first reason to restrict smtp for every client is to consolidate to
> > a
> > > single smtp server and so control the flow (example esmtp, scheduled
> > jobs)
> > > If you use your smtp server you can reduce the bandwith for every local
> > > mails.
> > > If a workstation in your environment is infected by a virus or trojan
> > by
> > > sending spam messages or confidential information about your company
> > you
> > > can control or get logs about every messages.
> > > Why do you want to reach directly smtp server outside ? What is the
> > benefit
> > > for you ?
> > > I can see by your gmail account you are able to send message through
> > > webmail interface, so the smtp message will be routed byr google
> > servers
> > > and not by your company's server.
> > >
> > > Hope to have respond to your message.



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------