Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: POP vs IMAP vs MAPI - security through firewalls?
From: Patrick Darden <darden () armc org>
Date: Mon, 26 Feb 2001 10:55:52 -0500 (EST)

I don't know if it is more secure, but MAPI is less resource intensive.
I've been looking into MS Exchange alternatives, and all the specs from
them show that MAPI can support 10-100X the numbers of simultaneous


Specific implementations of POP3 and IMAP4 do have a history of security
problems, but as far as I know they are all cleared up.

Putting MS Exchange on the internet, unless you have a really good
NT/Security guru is going to be chancy (IMHO it is like putting up a

--Patrick Darden                Internetworking Manager             
--                              706.354.3312    darden () armc org
--                              Athens Regional Medical Center

On Thu, 22 Feb 2001, Joseph S D Yao wrote:

Recently, one of our firewalled sites (hosted at a military base) was
directed that they had to stand down their internal mail server and use
the external base mail server.  This being the US military, this will
be an MS Exchange server, and the people inside the firewall are being
directed to use MS Outlook.  [How this will run on their Suns I don't
know, but that's not my problem.]

They were told they had to use MS MAPI to read the mail, and so they
would have to open TCP ports 135-139, 50000, 50001, and perhaps others
to be named later.  They were also told that MAPI must be used because
it is "slightly more secure" than POP3 or IMAP4.

The firewall is proxying-only, which of course means TCP-only.  I'm not
familiar with MAPI, and of course there is no RFC describing it, or any
publicly available documentation of which I'm aware.

Is anyone aware of any verifiable security testing that's been done on
MAPI?  Is it in fact "more secure" than POP3 and IMAP4?  You needn't
tell me that the latter two have security vulnerabilities - I've heard
this - but details would help [I haven't collected those], and if there
is a comparison to MAPI that would be so much the better.  Is MAPI that
much better?  [It had better be, to use up 7+ ports!  ;-(]

Are there any reliable proxies for any of these protocols?

Thank you!

Joe Yao                               jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                   EMT-B
This message is not an official statement of COSPO policies.
firewall-wizards mailing list
firewall-wizards () nfr com

firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]