On Tue, Dec 10, 2013 at 08:55:29AM +0100, Robert Sander wrote:

> > It is not clear to me why one would allow the inbound delivery of
> > an e-mail message (with potentially malicious links or attachments),
> > but would not allow a connection to an LDAP or SQL server. The
> > latter seems far less risky to me.
>
> But verify just opens an SMTP session to the internal mail server and
> tests if the recipient exists.
>
> It is an "inline" recipient validation whereas an SQL or LDAP query
> would be "out of band". You would need to allow this extra connection.
> With verify you just use the SMTP connection you already need to deliver
> email to your internal system.

My point stands. You're accepting inbound email from the DMZ. An LDAP
or SQL query is rather tame by comparison. Your call of course.

--
Viktor.