fredy wrote: > > where can i find port redirector ? > Note that a port redirector solution defies the purpose of the firewall - it essentially creates a "puncture" in the firewall through which crackers can get through. Since a port redirector works on layer 3 (OSI style) it will redirect any network protocol attack (e.g. "ping of death") as well as any application level attack (e.g. the recent 2.2.x kernel bug that effected sendmail) just as it will redirect your normal users requests. Using a proxy service for POP3/IMAP and Qmail as SMTP relay will probably get you slightly better results then port redirector, although of course you'll then be exposed to attacks on Qmail (I'm wouldn't very worried about that ;-) and the POP3 proxy server * as well * as possibly still being exposed to application level attacks on the Exchange through the proxy. If you had a run of the mill standard SMTP/POP3/IMAP mail server I would suggest to you to put the mail server in a DMZ zone separate from the rest of the internal network, and give it on a real IP address (it can still be and should be behind the firewall). Since you use Exchange I'm pretty sure that you need the mail server to connect to your network PDC/BDC for authenticating users, hence doing this wont help you much because you'll have to puncture the firewall yet again (this time between DMZ and the Internal net) for the auth info to pass through and that's even worse then what you're trying to do now. Yet another reason why I hate Exchange ;-) Gilad. -- Gilad Ben-Yossef <[EMAIL PROTECTED]> Phone: +972-9-565333x230 The message on the screen said: "It is now safe Cel: +972-54-756701 to turn off your computer", but I ducked anyway. http://www.kagoor.com -- RedFish ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
