mailing list archives
Re: Exchange Server 2000 and Cisco Pix
From: Curt Wilson <netw3 () netw3 com>
Date: Wed, 23 May 2001 23:44:51 -0500
I think this may be referring to the mailguard feature
which is a basic SMTP proxy for the PIX. I think this
is automatically enabled through the fixup smtp command
but I could be wrong. If you do use mailguard make sure
to have the patches in place for the vulnerability that
came out several months ago that allowed attackers to
bypass the mailguard with invalid characters.
I suppose you could remove the fixup smtp and just
set a standard conduit/ACL, but then your exchange
box is no longer protected by mailguard.
Not a bad idea to set up a hardened relay host between the
PIX and the Exchange server with specific ACL's/conduits
for all sides of the connection.
GCFW, GSEC, ISS
From: Christoph Puetz <puetzc () yahoo com>
Reply-To: puetz () mho net
To: firewall-wizards () nfr com
Subject: [fw-wiz] Exchange Server 2000 and Cisco Pix
I have a newly installed Exchange Server 2000 behind
my Pix and did receive an error from a mail client
when trying to connect to the Exchange server.
Microsoft refers to Cisco without really being
specific - at least I could not find the solution at
Cisco's web page. Anyone here knows what I have to do?
| Curt R. Wilson * Netw3 Consulting * www.netw3.com |
| Internet Security, Networking, PC tech, WWW hosting |
| Netw3 Security Reading Room : www.netw3.com/documents.html |
| Serving Southern Illinois locally and the world virtually |
| netw3 () netw3 com 618-303-NET3 |
firewall-wizards mailing list
firewall-wizards () nfr com
- Re: Exchange Server 2000 and Cisco Pix Curt Wilson (May 24)