  1.    #1  
    My IT person just installed a new firewall, which caused Chatter to stop working with my Outlook mail. I'd like to have a better understanding of the issues from the viewpoint of an IT person. He told me that he doesn't want to leave port 143 open because we got hit with a spammer using our server. Could leaving port 143 open cause a vulnerability?

    Should I try to convince him to follow the instructions in the Chatteremail manual appendix to allow Chatter to get through the firewall? Is it a potential security hazard, or is my IT person being paranoid?

    He did suggest forwarding (copying?) email to my Fastmail imap account. Wouldn't this be a much easier alternative? Are there any drawbacks to this method?

    Any advice on how to deal with my IT person in a reasonable way would be appreciated.
  2. #2  
    It shouldn't be an issue - the only caveat I could think of would be that I think on the default port IMAP authentication info is passed in the clear.

    What I do with my server (Mac OS X 10.4 Server) is run IMAP connections via IMAP-SSL (Port 993) and then run SMTP through the standard Port 25, but with SSL turned on for that as well. Chatter handles the self-signed certificate just fine.

    Doing that should be sufficiently secure for your IT admin, depending on what the back-end server is.
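
The cleartext-authentication caveat raised in post #2 can be checked from the capability list an IMAP server announces on port 143. The following is an added example, not part of any post in this thread: the function names and the sample server lines are constructed, and the capability names (`STARTTLS`, `LOGINDISABLED`, `AUTH=PLAIN`) are the ones defined for IMAP4rev1.

```python
# Added example: classify how an IMAP service on the cleartext port (143)
# treats passwords, based on its CAPABILITY data (IMAP4rev1, RFC 3501).

def parse_capabilities(line):
    """Return the set of capability atoms from a greeting or CAPABILITY line."""
    text = line.strip()
    upper = text.upper()
    if "[CAPABILITY" in upper:
        # Capabilities embedded in the greeting: "* OK [CAPABILITY ...] ready"
        start = upper.index("[CAPABILITY") + len("[CAPABILITY")
        text = text[start:text.index("]", start)]
    elif upper.startswith("* CAPABILITY"):
        text = text[len("* CAPABILITY"):]
    else:
        raise ValueError("not a CAPABILITY response")
    return {atom.upper() for atom in text.split()}


def assess_cleartext_port(line):
    """Say whether a client can send its password before TLS is negotiated."""
    caps = parse_capabilities(line)
    starttls = "STARTTLS" in caps
    # LOGINDISABLED means the server refuses the LOGIN command on this connection.
    login_disabled = "LOGINDISABLED" in caps
    # AUTH=PLAIN / AUTH=LOGIN carry the password itself (only base64-encoded).
    plain_sasl = bool(caps & {"AUTH=PLAIN", "AUTH=LOGIN"})
    plaintext_allowed = (not login_disabled) or plain_sasl
    if not plaintext_allowed:
        return "tls-required" if starttls else "password-login-disabled"
    return "tls-optional" if starttls else "cleartext-only"


# Constructed sample responses, not captured from any real server.
SAMPLES = {
    "legacy": "* CAPABILITY IMAP4rev1 AUTH=PLAIN",
    "mixed": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "hardened": "* OK [CAPABILITY IMAP4rev1 LOGINDISABLED STARTTLS] Server ready",
}


def assess_all(samples=SAMPLES):
    return {name: assess_cleartext_port(line) for name, line in samples.items()}


if __name__ == "__main__":
    for name, verdict in assess_all().items():
        print(f"{name:9s} {verdict}")
```

A `tls-required` result means port 143 can stay open without exposing passwords; `cleartext-only` is the case where moving clients to IMAP-SSL on port 993 matters most.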
  3. #3  
    Quote Originally Posted by horatio8
    My IT person just installed a new firewall, which caused Chatter to stop working with my Outlook mail. I'd like to have a better understanding of the issues from the viewpoint of an IT person. He told me that he doesn't want to leave port 143 open because we got hit with a spammer using our server. Could leaving port 143 open cause a vulnerability?

    Should I try to convince him to follow the instructions in the Chatteremail manual appendix to allow Chatter to get through the firewall? Is it a potential security hazard, or is my IT person being paranoid?

    He did suggest forwarding (copying?) email to my Fastmail imap account. Wouldn't this be a much easier alternative? Are there any drawbacks to this method?

    Any advice on how to deal with my IT person in a reasonable way would be appreciated.

    If a spammer was able to use your server there's a lot more loose than a single port.
  4. #4  
    Quote Originally Posted by daThomas
    If a spammer was able to use your server there's a lot more loose than a single port.

    I believe the business is receiving loads of spam mail. I do not think their system is being 'compromised' ....

    Blocking port 143 DOES minimize spam email, but will not block all.

    ...and finally, you should do as he says. [forwarding to fastmail or AIM email]

    -my 2 cents as I am an IT Admin myself.
  5.    #5  
    trim81,

    Thanks for your comments. It's hard for me to see this from the viewpoint of an IT person. I was told we got put on a "black list" temporarily due to a spammer using a vulnerability in our network to send out spam. We had an old firewall. So, I was wondering if we're now at the other extreme of caution. My guess is I'll end up forwarding to Fastmail, but I'll miss having my Treo and desktop synchronized. My IT person is reluctant to spend the time and effort to install SSL. Any other comments would be appreciated.
  6. #6  
    Quote Originally Posted by horatio8
    trim81,

    Thanks for your comments. It's hard for me to see this from the viewpoint of an IT person. I was told we got put on a "black list" temporarily due to a spammer using a vulnerability in our network to send out spam. We had an old firewall. So, I was wondering if we're now at the other extreme of caution. My guess is I'll end up forwarding to Fastmail, but I'll miss having my Treo and desktop synchronized. My IT person is reluctant to spend the time and effort to install SSL. Any other comments would be appreciated.
    Unless you're an exec (and maybe not even then), forget about the IT guy going out of the way and changing standards to please you and your toy. The network as a whole is more important than you. Just set it up with fastmail.


  7. #7  
    Quote Originally Posted by trim81

    Blocking port 143 DOES minimize spam email, but will not block all.
    Just curious on this, how would it have any effect on spam. 143 is usually attached to an IMAP daemon which is outbound. SMTP (port 25) is inbound and where the spam gets into your system.
    Pete
  8. #8  
    Quote Originally Posted by PeteEMT
    Just curious on this, how would it have any effect on spam. 143 is usually attached to an IMAP daemon which is outbound. SMTP (port 25) is inbound and where the spam gets into your system.
    Ditto. Trim81's comment makes no sense unless I'm missing something serious. Spam is sent via SMTP or retrieved using POP or IMAP. In neither case would closing port 143 help matters. Even closing port 25 or tightening up your SMTP to require SSL or authentication won't really affect things unless you have some kind of catch all e-mail address that would receive it. Spammers COULD use your SMTP server to send spam, but this is easily corrected by requiring SMTP authorization or simply denying relay on the SMTP server. No, SPAM is not the issue. That said, there may be other reasons for closing 143 and/or tightening security on the firewall. original jht's suggestions are valid ones for tightening e-mail security while maintaining IMAP access to mail.

    Paul
  9. #9  
    Exactly my point! This is just a tech admin waving his hand like Obi-Wan and saying can't be done.
  10. #10  
    The IT guy didn't say they were used as a spam relay *because of* leaving port 143 open in the past -- sounds like he just used that as an example for not wanting to open all kinds of ports. Maybe he's a little more cautious now after getting burned in the past.

    I dunno how many other people are in Horatio's office but if it were my office, I know IT would not be making special exceptions for a single user out of 250.


  11.    #11  
    Quote Originally Posted by Joebar
    The IT guy didn't say they were used as a spam relay *because of* leaving port 143 open in the past -- sounds like he just used that as an example for not wanting to open all kinds of ports. Maybe he's a little more cautious now after getting burned in the past.

    I dunno how many other people are in Horatio's office but if it were my office, I know IT would not be making special exceptions for a single user out of 250.
    My office is small enough to make an exception for me, however, your description of my IT guy is accurate. He has gotten burned a couple of times and is in full lockdown mode.

    It sounds like port 143 isn't responsible for the spam relay, but leaving it open could cause other problems. What is the worst case scenario for leaving 143 open?

    Bottom line, I'm going to set up the forwarding to Fastmail tomorrow. Thanks for all the replies.
  12. #12  
    horatio8,

    You are lucky the company is letting you forward your email. Where I worked as a contractor recently they did not allow IMAP, POP3 or mail forwarding for anyone at the company.
  13. #13  
    On the box that I administered, I allowed authenticated smtp out (from machines inside our subnet) and pop3s and imaps in from outside. I allowed ssh and scp in from only selected ip addresses. All other ports were closed.

    If you needed to send mail from outside, I assumed you could get an smtp server since you were using another service to get online anyway. (Could have implemented smtps I suppose, but never had to.)

    While I agree with the admin that minimizing open ports is a good thing, to _not_ have ssl installed seems incredibly shortsighted, unless I am misunderstanding your IT guy's actions.
  14. #14  
    Just an alternative to forwarding -- I hated the fact that the forwarded emails came from my account as they arrived in my fastmail folder. In other words, they all came from ME as the sender, so when I opened up the email in Chatter, I had to scroll a lot or get into the attachment. (I generally set it up to forward the email in-line b/c scrolling is easier than opening attachment after attachment just to read the email.)

    Here's the solution -- set up an account in Outlook for your fastmail account. Then, set up a rule that MOVES all of your incoming email to a folder within your Fastmail account (I called mine Work Email). I used that folder as my inbox on the desktop computer, but b/c it's IMAP to fastmail, I get push email notification, with delivery, via Chatter to my phone when I'm mobile. The only trick to this is to set up a desktop that always has outlook open or it won't sync with fastmail. Good luck!
  15.    #15  
    Quote Originally Posted by ricochet
    Just an alternative to forwarding -- I hated the fact that the forwarded emails came from my account as they arrived in my fastmail folder. In other words, they all came from ME as the sender, so when I opened up the email in Chatter, I had to scroll a lot or get into the attachment. (I generally set it up to forward the email in-line b/c scrolling is easier than opening attachment after attachment just to read the email.)

    Here's the solution -- set up an account in Outlook for your fastmail account. Then, set up a rule that MOVES all of your incoming email to a folder within your Fastmail account (I called mine Work Email). I used that folder as my inbox on the desktop computer, but b/c it's IMAP to fastmail, I get push email notification, with delivery, via Chatter to my phone when I'm mobile. The only trick to this is to set up a desktop that always has outlook open or it won't sync with fastmail. Good luck!
    Thank you very much for solving my problem. My IT person wouldn't let me set a redirect rule on the server, so your suggestion is the best alternative. Now, I can keep Chatter and not have to revert to the dreaded Xpressmail. I'll have to remember to lock my computer and hope that my machine keeps running.
  16. #16  
    no problem -- glad I could help. Please pass this along to others -- I've read a ton of other people with similar issues in this forum, among others, and this idea just hit me the other day. Works great!
  17.    #17  
    Ricochet,

    I ran into a problem that I think I can solve when I'm back in the office tomorrow. I thought I'd run it by you first. I set up a client-based Outlook rule to move a copy of all incoming emails to my Fastmail inbox account in Outlook. The files with attachments, however, have the attachments showing up in Fastmail, and in Chatter, as winmail.dat files. I think I need to set up somewhere to copy emails to Fastmail as "text only." Did you have this problem and how did you solve it? Thanks.
