sunhux
asked on
Concerns with rerouting emails from head office's Proofpoint to our exchange server
We plan to have an interim setup where emails meant for us in our country & HQ (in another country)
has a common (.com instead of .sg & .au) so the plan is to reroute emails from HQ's Proofpoint (which
scan for malware, spam, rules) meant for us to us (via public Internet ) & Proofpoint locally won't
scan further for malware, spam, rules. Pls share the possible concerns/issues (security & non-security as well):
(I can only think of 2 concerns : can the source from our HQ srvm02.zzzbank.com.au be spoofed either by
IP & FQDN? & while forwarding via Internet, can it be altered/injected? we don't plan to set up a site to
site VPN between our HQ & us)
eg: header info from a sample email
Received: from smtp.zzzbank.com.au (10.98.2.87) by ZZZWVEXC01ZZ.bbb.com.au
(10.9.95.37) with zzzzz SMTP Server (TLS) id 24.3.271.0; Wed, 20 Jul 2016
17:07:22 +0800
Received: from pps.reinject (srvm02.zzzbank.com.au [127.0.0.1]) by
srvz02.zzzbank.com.au (8.15.0.59/8.15.0.59) with ESMTPS id u6K97Jk3033821
has a common (.com instead of .sg & .au) so the plan is to reroute emails from HQ's Proofpoint (which
scan for malware, spam, rules) meant for us to us (via public Internet ) & Proofpoint locally won't
scan further for malware, spam, rules. Pls share the possible concerns/issues (security & non-security as well):
(I can only think of 2 concerns : can the source from our HQ srvm02.zzzbank.com.au be spoofed either by
IP & FQDN? & while forwarding via Internet, can it be altered/injected? we don't plan to set up a site to
site VPN between our HQ & us)
eg: header info from a sample email
Received: from smtp.zzzbank.com.au (10.98.2.87) by ZZZWVEXC01ZZ.bbb.com.au
(10.9.95.37) with zzzzz SMTP Server (TLS) id 24.3.271.0; Wed, 20 Jul 2016
17:07:22 +0800
Received: from pps.reinject (srvm02.zzzbank.com.au [127.0.0.1]) by
srvz02.zzzbank.com.au (8.15.0.59/8.15.0.59) with ESMTPS id u6K97Jk3033821
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.