RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino
From: Ben Nagy (ben_at_iagu.net)
To: <email@example.com> Date: Tue, 10 Jun 2003 10:37:04 +0200
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com] On Behalf
> Of Joseph Steinberg
> Whale Communications offers a Lotus-specific proxy that
> provides numerous
> security functions including URL filtering, browser-side
> security, Air Gap
> isolation, and more. For more information please see:
Ah, the Air Gap. My favourite firewall snake oil.
Actually, though, the article linked from that page (including a snazzy
picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good
overview, if you cover your ears and go 'la la la la' when you get to the
> Message: 2
> Reply-To: <firstname.lastname@example.org>
> From: "Jeff B" <email@example.com>
> domino is a
> big unknown - anybody seen/done this, or have recommendations?
For Domino webstuff there are lots of nonobvious URLs and characters that
you need to block. Litchfield did a good article which covers a lot of
stuff, but it's a bit old, and I hope never to have to do Domino work again,
so I haven't researched this for a while.
Essentially, the basic "put another domino server in the DMZ and replicate"
architecture works sort of OK, but I'd be less happy with the "put a reverse
proxy in front of the domino part of the important box" idea. The really
critical thing is not to let the Internet talk on 1352 to your Notes box.
I once played with a very simple mail relay that was COTS for NT4, but I
forget the name now. :( The point is that there does exist a windoze
solution that does nothing but simple SMTP relay. Jeff - clearly you know
you should use a stripped open source box running qmail or postfix. Why not
pay a local place to paint something red? ;)
firewall-wizards mailing list