RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino
From: Ben Nagy (ben_at_iagu.net)
Date: 06/10/03
- Previous message: Bill Royds: "Re: [fw-wiz] SMTP Proxies and Application Proxies for Lotus Domino"
- In reply to: Joseph Steinberg: "[fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino"
- Next in thread: Paul Robertson: "RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino"
- Reply: Paul Robertson: "RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino"
To: <firewall-wizards@honor.icsalabs.com>
Date: Tue, 10 Jun 2003 10:37:04 +0200
> -----Original Message-----
> From: firewall-wizards-admin@honor.icsalabs.com
> [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
> Of Joseph Steinberg
[...]
> Whale Communications offers a Lotus-specific proxy that provides numerous
> security functions including URL filtering, browser-side security, Air Gap
> isolation, and more. For more information please see:
> www.whalecommunications.com/lotus
Ah, the Air Gap. My favourite firewall snake oil.

Actually, though, the article linked from that page (including a snazzy
picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good
overview, if you cover your ears and go 'la la la la' when you get to the
'airgap' bits.
> Message: 2
> Reply-To: <bolesjb@yahoo.com>
> From: "Jeff B" <bolesjb@yahoo.com>
[...]
> Proxying domino is a big unknown - anybody seen/done this, or have
> recommendations?
For Domino webstuff there are lots of nonobvious URLs and characters that
you need to block. Litchfield did a good article which covers a lot of
stuff, but it's a bit old, and I hope never to have to do Domino work again,
so I haven't researched this for a while.

http://www.nextgenss.com/papers/hpldws.pdf

Essentially, the basic "put another domino server in the DMZ and replicate"
architecture works sort of OK, but I'd be less happy with the "put a reverse
proxy in front of the domino part of the important box" idea. The really
critical thing is not to let the Internet talk on 1352 to your Notes box.

I once played with a very simple mail relay that was COTS for NT4, but I
forget the name now. :( The point is that there does exist a windoze
solution that does nothing but simple SMTP relay. Jeff - clearly you know
you should use a stripped open source box running qmail or postfix. Why not
pay a local place to paint something red? ;)

ben
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
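
Added example, not part of the message above or of any poster's configuration: one way to check a ruleset against the "don't let the Internet talk on 1352 to your Notes box" advice. It goes slightly beyond the single port rule by also catching port ranges, multiport lists and port-less ACCEPT rules. The rules are a constructed iptables-save style sample, and the trusted networks, addresses and function names are assumptions.

```python
import ipaddress
import shlex

NOTES_PORT = 1352  # the Notes port named in the message

# Assumption: only these networks may reach the Notes box on 1352.
TRUSTED = [ipaddress.ip_network("10.0.0.0/8"),
           ipaddress.ip_network("192.168.50.0/24")]

# Constructed sample in iptables-save syntax, not from a real firewall.
SAMPLE_RULES = """\
-A FORWARD -s 192.168.50.0/24 -d 10.1.1.20/32 -p tcp -m tcp --dport 1352 -j ACCEPT
-A FORWARD -d 10.1.1.20/32 -p tcp -m tcp --dport 1352 -j ACCEPT
-A FORWARD -s 0.0.0.0/0 -d 10.1.1.20/32 -p tcp -m multiport --dports 25,1300:1400 -j ACCEPT
-A FORWARD -d 10.1.1.20/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -d 10.1.1.20/32 -p tcp -j ACCEPT
-A FORWARD -s 203.0.113.0/24 -p tcp -m tcp --dport 1352 -j DROP
"""

def covers_port(spec, port):
    """True if a port spec such as '25,1300:1400' includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        lo_n = int(lo) if lo else 0                      # ':1400' means 0-1400
        hi_n = int(hi) if hi else (65535 if sep else lo_n)  # '1300:' is open-ended
        if lo_n <= port <= hi_n:
            return True
    return False

def exposed_rules(rules_text, port=NOTES_PORT, trusted=TRUSTED):
    """Return ACCEPT rules that let an untrusted source reach `port` over TCP."""
    findings = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if "-j" not in tok[:-1] or tok[tok.index("-j") + 1] != "ACCEPT":
            continue
        if "!" in tok:                  # negated matches are not parsed here:
            findings.append(line)       # report them for manual review
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1])
                if t in ("-s", "-p", "--dport", "--dports")}
        if opts.get("-p", "all") not in ("tcp", "all"):
            continue
        spec = opts.get("--dport") or opts.get("--dports")
        if spec is not None and not covers_port(spec, port):
            continue                    # rule is limited to other ports
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if not any(src.subnet_of(net) for net in trusted):
            findings.append(line)       # no -s at all means any source
    return findings
```

On the constructed sample this reports the second, third and fifth rules; it reads only source, protocol and destination port, so chain and destination address still need checking by hand.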