RE: [Exim] OT - Why you should not put Exchange on the Inter…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: SpamTalk
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: RE: [Exim] OT - Why you should not put Exchange on the Internet.
>Outlook can ... use ordinary pop3 and imap

YIKES! MS does not implement the APOP part of the POP3 protocol. IOW, your
users passwords that they login with to get to all your confidential files
behind the firewall are sailing along the internet IN THE CLEAR!


//support.microsoft.com/default.aspx?scid=kb;en-us;322825&Product=ech

    NOTE: Exchange Server 5.5 does not support the apop command.





//support.microsoft.com/default.aspx?scid=kb;en-us;322826&Product=exch2k

    NOTE: Exchange 2000 Server does not support the apop command.



There is no APOP KB info for E2003, or even POP3 command lists like those
above,
but I assume it is equally lacking in POP3 encryption.



> -----Original Message-----
> From: Richard Welty [mailto:rwelty@averillpark.net]
> Sent: Thursday, January 22, 2004 7:23 PM
> To: exim-users@???
> Subject: Re: [Exim] OT - Why you should not put Exchange on
> the Internet.
>
> this seems awfully offtopic, but i'll chip in anyway.
>
> On Thu, 22 Jan 2004 18:49:54 -0600 Phil Brutsche
> <phil@???> wrote:
> > I can verify that to be the truth (we're about to contaminate our
> > office with Exchange 2003).
>
> > Outlook, when used as an Exchange client, needs to communicate with
> > the Exchange server on TCP port 135 - the infamous Windows
> RPC port.
> > Not all traffic is on port 135, however - it also
> negotiates alternate
> > port numbers.
>
> this is true if you use MAPI. Outlook can (or used to be able
> to) use ordinary
> pop3 and imap w/o going into these modes, and Exchange used
> to be able to talk pop3 and imap ok. it's been a few years
> since i fought with this stuff, though.
>
> > > If they're concern is having access to their Exchange
> calendars and
> > > other stuff, use the web client - "Outlook for the web"
> or some such
> > > thing. I believe it comes with Exchange.
>
> > That's not even safe, 'cause then you're exposing IIS to the 'net ;)
>
> i have one client i set up with an OpenBSD/Apache web server
> in their DMZ, proxying only certain URLs to the Internet
> Insecurity Server on the inside. this mitigates a lot of the
> M$ braindamage, as some of the most infamous IIS exploits
> involved poking at certain double sekrit URLs that nobody
> knew IIS responded to.
>
> richard
> --
> Richard Welty
> rwelty@???
> Averill Park Networking
>   518-573-7592
>     Java, PHP, PostgreSQL, Unix, Linux, IP Network
> Engineering, Security

>
>
> --
>
> ## List details at
> http://www.exim.org/mailman/listinfo/exim-users Exim details
> at http://www.exim.org/ ##
>