Re: [fw-wiz] SMTP Proxies and Application Proxies for Lotus Domino

From: Bill Royds (Bill_at_royds.net)
Date: 06/10/03

    To: <bolesjb@yahoo.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 9 Jun 2003 19:41:57 -0400
    
    

    Lotus Notes uses 1352/tcp to carry all of its traffic so it can be fairly
    easily carried through a firewall by opening a single port, but the only
    proxy I know of is the Domino server itself. A fairly simple design would be
    to have a server on your DMZ that talks Notes through your firewall to
    the internal system and SMTP through a firewall to the Internet. The SMTP
    traffic can pass through something like McAfee MailShield before being
    converted to Notes format.
      For remote client access, the Notes server can talk to Notes clients on
    the Internet for message retrieval, with settings to force all connections
    to be encrypted and with multi-factor authentication (Notes ID, which is
    a PKI certificate, plus SecurID for example).
    Alternatively, you can use the fact that Domino supports SSL/TLS access to web
    retrieval for access with certificates. This does not require Notes client
    software for each user but limits somewhat the access to documents.
    There are several HTTP traffic normalizing systems available that can be put
    on the Domino web server. They listen on port 80, normalize and filter the
    traffic, then pass the traffic to the actual Domino server on another port.
    Information Security Magazine had a review of several last year
    http://www.infosecuritymag.com/2002/may/bulletproof.shtml

    ----- Original Message -----
    From: "Jeff B" <bolesjb@yahoo.com>
    To: <firewall-wizards@honor.icsalabs.com>
    Sent: Sunday, June 08, 2003 6:56 PM
    Subject: [fw-wiz] SMTP Proxies and Application Proxies for Lotus Domino

    Group:

    I'm product hunting, and out of ideas.

    I'm looking for two things, and hoping somebody can make some
    recommendations.

    1. In a current design, wouldn't mind implementing a mail proxy - at least
    SMTP gateway/relay, although POP3 would be welcome also. Don't really need
    some complex do it all box - just looking for a standalone type component to
    isolate this function and fit into the current architecture which does most
    other stuff well. Need COTS product, open source not possible. Interscan
    VirusWall is about the only thing I can find - don't need the virus layer,
    but might go that direction anyhow.

    2. Looking for an inbound traffic web proxy, or even an 'url scan' type
    product, for a Lotus Domino system. Currently externally hosted front-end
    web page redirects links to apps on an AS400 domino box, which is on the
    inside network, and gets traffic NAT'd and passed through the FW (this box
    is also the SMTP box). Looking to get around this and put a 'proxy' of some
    type on the DMZ. Not my ideal solution for this architecture, but
    additional AS400 or Domino box for external apps is out of the question in
    the current budget year. Proxy of some type will likely make it a little
    better. Again, need COTS, open source not possible. Proxying Domino is a
    big unknown - anybody seen/done this, or have recommendations?

    Thanks,

    Jeff B.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
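
The reply above describes HTTP normalizers that listen on port 80, normalize and filter requests, then pass them to the real Domino server on another port. The sketch below is an added example, not part of either post and not the behaviour of any product in the cited review; it shows the kind of check such a filter applies to a request target before forwarding. The function name, the allowed command list, the permitted path characters and the length limit are all assumptions chosen for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed policy, for illustration only: the Domino URL commands the
# published applications need. Everything else is refused at the proxy.
ALLOWED_COMMANDS = {"opendatabase", "openview", "opendocument", "openform", "openpage"}
SAFE_PATH = re.compile(r"/[A-Za-z0-9_./-]*")
MAX_TARGET_LEN = 1024


def normalize_target(raw_target):
    """Return (True, canonical_target) or (False, reason) for a request target."""
    if len(raw_target) > MAX_TARGET_LEN:
        return False, "target too long"
    parts = urlsplit(raw_target)
    if parts.scheme or parts.netloc:
        return False, "absolute URI not accepted"
    path = unquote(parts.path)  # decode exactly once
    if "%" in path:  # still encoded after one pass: refuse, do not guess
        return False, "double-encoded path"
    if not SAFE_PATH.fullmatch(path):
        return False, "unexpected characters in path"
    if ".." in path.split("/"):
        return False, "path traversal"
    # Collapse "//" and "/./" so the backend sees one canonical spelling.
    path = "/" + posixpath.normpath(path).lstrip("/")
    if not any(seg.lower().endswith(".nsf") for seg in path.split("/")):
        return False, "not a published database"
    # The Domino URL command is the first element of the query string.
    command = parts.query.split("&", 1)[0] or "OpenDatabase"
    if not command.isalpha() or command.lower() not in ALLOWED_COMMANDS:
        return False, "command not allowed"
    query = "?" + parts.query if parts.query else ""
    return True, path + query


# Constructed request targets, not taken from any real log.
SAMPLES = [
    "/sales//orders.nsf/./ByDate?OpenView&Count=10",
    "/sales/orders.nsf/%2e%2e/other.nsf?OpenDatabase",
    "/sales/orders.nsf/%252e%252e/x?OpenView",
    "/sales/orders.nsf/doc1?EditDocument",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "->", normalize_target(target))
```

Only targets that return `True` would be forwarded to the Domino HTTP task on its internal port, and the canonical form is what gets sent, so the filter and the backend never disagree about what was requested.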
