POP vs IMAP vs MAPI - security through firewalls?

[Joseph S D Yao <jsdy () cospo osis gov>]

Recently, one of our firewalled sites (hosted at a military base) was
directed that they had to stand down their internal mail server and use
the external base mail server.  This being the US military, this will
be an MS Exchange server, and the people inside the firewall are being
directed to use MS Outlook.  [How this will run on their Suns I don't
know, but that's not my problem.]

They were told they had to use MS MAPI to read the mail, and so they
would have to open TCP ports 135-139, 50000, 50001, and perhaps others
to be named later.  They were also told that MAPI must be used because
it is "slightly more secure" than POP3 or IMAP4.

The firewall is proxying-only, which of course means TCP-only.  I'm not
familiar with MAPI, and of course there is no RFC describing it, or any
publicly available documentation of which I'm aware.

Is anyone aware of any verifiable security testing that's been done on
MAPI?  Is it in fact "more secure" than POP3 and IMAP4?  You needn't
tell me that the latter two have security vulnerabilities - I've heard
this - but details would help [I haven't collected those], and if there
is a comparison to MAPI that would be so much the better.  Is MAPI that
much better?  [It had better be, to use up 7+ ports!  ;-(]

Are there any reliable proxies for any of these protocols?

Thank you!

-- 
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards