RE: [fw-wiz] Re: SMTP Proxies and Application Proxies for Lotus Domino

From: Ben Nagy (
Date: 06/10/03

  • Next message: Bennett Todd: "[fw-wiz] home net security (was Re: 802.11b and IPSec)"
    To: <>
    Date: Tue, 10 Jun 2003 10:37:04 +0200

    > -----Original Message-----
    > From:
    > [] On Behalf
    > Of Joseph Steinberg
    > Whale Communications offers a Lotus-specific proxy that
    > provides numerous
    > security functions including URL filtering, browser-side
    > security, Air Gap
    > isolation, and more. For more information please see:

    Ah, the Air Gap. My favourite firewall snake oil.

    Actually, though, the article linked from that page (including a snazzy
    picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good
    overview, if you cover your ears and go 'la la la la' when you get to the
    'airgap' bits.

    > Message: 2
    > Reply-To: <>
    > From: "Jeff B" <>
    > Proxying
    > domino is a
    > big unknown - anybody seen/done this, or have recommendations?

    For Domino webstuff there are lots of nonobvious URLs and characters that
    you need to block. Litchfield did a good article which covers a lot of
    stuff, but it's a bit old, and I hope never to have to do Domino work again,
    so I haven't researched this for a while.

    Essentially, the basic "put another domino server in the DMZ and replicate"
    architecture works sort of OK, but I'd be less happy with the "put a reverse
    proxy in front of the domino part of the important box" idea. The really
    critical thing is not to let the Internet talk on 1352 to your Notes box.

    I once played with a very simple mail relay that was COTS for NT4, but I
    forget the name now. :( The point is that there does exist a windoze
    solution that does nothing but simple SMTP relay. Jeff - clearly you know
    you should use a stripped open source box running qmail or postfix. Why not
    pay a local place to paint something red? ;)


    firewall-wizards mailing list

  • Next message: Bennett Todd: "[fw-wiz] home net security (was Re: 802.11b and IPSec)"