Re: [fw-wiz] imap and content inspection?

ark_at_eltex.net
Date: 10/10/03

  • Next message: Wes Noonan: "RE: [fw-wiz] Cisco PIX506 problem minxing VPN and NAT" 
    To: "Dawes, Rogan (ZA - Johannesburg)" <rdawes@deloitte.co.za>
Date: Fri, 10 Oct 2003 13:43:06 +0400

    nuqneH,

    Nope, it has no in-depth protocol knowlegde besides session initiation,
    only a simple tunnel loop. :-(

    On Fri, Oct 10, 2003 at 11:05:36AM +0200, Dawes, Rogan (ZA - Johannesburg) wrote:
    > You may want to look at www.imapproxy.org. Granted it is not exactly the
    > same thing, but it should provide some basic protocol handling code that
    > could be developed further.
    >
    >
    > > -----Original Message-----
    > > From: ark@eltex.ru [mailto:ark@eltex.ru]
    > > Sent: 09 October 2003 01:41 PM
    > > To: firewall-wizards@honor.icsalabs.com
    > > Subject: [fw-wiz] imap and content inspection?
    > >
    > >
    > > Hi,
    > >
    > > I am planning IMAP filtering proxy implementation. A quick
    > > look into rfc
    > > shows the IMAP protocol appears to be designed to maximize firewall
    > > application layer problems ;-). I mean it requires proxy to
    > > handle full
    > > email mime parsing, besides quite sophisticated protocol itself, thus
    > > making proxy very complex pile of code, comparable with IMAP
    > > server itself,
    > > which turns its security (through simplicity!) advantage questionable.
    > > And - there are numerous ways to retreive various parts of
    > > messages without
    > > handling message as whole; if content inspection means simple
    > > virus check
    > > with binary result (OK/BAD) it is not really a problem, but
    > > if we employ other
    > > content inspection types, it ruins the whole idea.
    > >
    > > I know here are many people on the list who know
    > > implementation details in
    > > depth, how do other vendors solve this problem? Is "best practice" now
    > > to just handle FETCH and UID FETCH commands syntax issued by
    > > widespread email
    > > clients and not to care if other techniques are used?

                                         _ _ _ _ _ _ _
     {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
     (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
     [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Wes Noonan: "RE: [fw-wiz] Cisco PIX506 problem minxing VPN and NAT"

    Relevant Pages

    • Re: Recent spam increase
      ... setting up pop/imap servers. ... But what if you use several machines, so that your local mailspool ... can't be read from another machine (assume that a local IMAP server ... IMAP protocol) may be the only solution... ...
      (Debian-User)
    • Re: IMAP Access Not Working!!
      ... Server daemons for IMAP and POP network mail protocols. ... > The imap package provides server daemons for both the IMAP (Internet ... > Message Access Protocol) and POP mail access ...
      (Fedora)
    • Re: Mobile Phone
      ... Should it be possible to retrive my e-mail to my nokia 6600 from my companies exchage 2003 server using the IMAP4 protocol? ... Whether it is actually possible depends on many things: namely whether IMAP support is enabled in Exchange; whether there are any intermediate firewalls between your company's Exchange server, and your phone, that can get in the way; and possible bugs in your Exchange server's or your phone's IMAP implementation. ... Are you intimating that IMAP isn't really enabled and those devices that claim to be using the service are really, secretly using another protocol? ...
      (comp.mail.imap)
    • Re: dovecot can not find mailbox
      ... login_greeting = Dovecot ready. ... protocol imap { ... running so that Sendmail could use it for authentication for sending ...
      (freebsd-questions)
    • Re: OT: Synchronizing Email between PCs
      ... The POP server knows nothing about outgoing mail. ... Outgoing mail is always handled with SMTP (Simple Mail Transfer Protocol), and the connection may go to a completely different machine than the one that handles POP for you. ... With IMAP it is almost the same; however, unlike POP, which is strictly a one-way affair, IMAP allows stuff to be transferred from your local machine to the IMAP host. ... In other words, when you send mail through an account set up for IMAP, two things happen simultaneously: Your mail gets sent to the recipient via SMPT, and at the same time it gets sent via IMAP to your personal email repository. ...
      (sci.electronics.design)