Security Basics mailing list archives
RE: SMTP behind NAT
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Tue, 5 May 2009 12:13:32 +1000
If I force all mail through my smtp server, don't I just make their
problem my problem. Well, the 'internal' smtp server shouldn't really be sending your mail for you unless you are an authorized user on that mail server/mail domain-if I understand exactly what you are asking. If it is allowing unauthorized users to send any mail whatsoever then in my mind there is something wrong there; it would basically be like an open relay. If the smtp server is 'in charge' of mymail.com domain then why should it be worried about anonymous.com email? Do you have an email account that is valid on that internal server? Perhaps you could ask the admins to setup an outgoing rule allowing access to those specific smtp servers that you need access to. Is there a 'free' ;-) wireless connection involved here?
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Georg Pichler Sent: Monday, May 04, 2009 6:12 AM To: Sebastien MAHIEUX Cc: security-basics () securityfocus com Subject: Re: SMTP behind NAT Hi. My message may have been misunderstood a little. I'm not in a company network or in an otherwise "managed" location. It is the place where I spend most of my spare time. It would be convenient if I could send my mail directly - encrypted of course - via a mailserver of my choice. Apart from load balancing, what is the benefit of blocking this traffic? Mail servers on the web have to decide which mail to block and which one to let through anyway, don't they? If I force all mail through my smtp server, don't I just make their problem my problem. Best Regards, Georg On Friday 01 May 2009 20:08:04 Sebastien MAHIEUX wrote:Hi Georg, The first reason to restrict smtp for every client is to consolidate toasingle smtp server and so control the flow (example esmtp, scheduledjobs)If you use your smtp server you can reduce the bandwith for every local mails. If a workstation in your environment is infected by a virus or trojanbysending spam messages or confidential information about your companyyoucan control or get logs about every messages. Why do you want to reach directly smtp server outside ? What is thebenefitfor you ? I can see by your gmail account you are able to send message through webmail interface, so the smtp message will be routed byr googleserversand not by your company's server. Hope to have respond to your message.
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- SMTP behind NAT Georg Pichler (May 01)
- RE: SMTP behind NAT Michael.Randazzo (May 01)
- Re: SMTP behind NAT Laurens Vets (May 01)
- Message not available
- Re: SMTP behind NAT Georg Pichler (May 04)
- Re: SMTP behind NAT Aaron Howell (May 04)
- RE: SMTP behind NAT Murda Mcloud (May 05)
- Re: SMTP behind NAT Georg Pichler (May 06)
- RE: SMTP behind NAT Murda Mcloud (May 06)
- RE: SMTP behind NAT David Gillett (May 07)
- RE: SMTP behind NAT Murda Mcloud (May 07)
- RE: SMTP behind NAT Tariq Naik (May 08)
- Re: SMTP behind NAT bartlettNSF (May 11)
- Re: SMTP behind NAT Georg Pichler (May 04)
- <Possible follow-ups>
- Re: SMTP behind NAT Rob Taylor (May 01)
- Re: SMTP behind NAT krymson (May 07)