Re: [fw-wiz] Securing email by inhibiting urls



You need to re-think how you handle mail. Two things:


1. Take out all Chinese IP addresses at the firewall. Nothing of value comes out of China. 99% of it is toxic. Why let them even have a chance?



2. Direct webmail over the internet is dangerous at best. You need to set up an SMTP mail proxy on your system that receives, processes, and either accepts or rejects all incoming email. Use Sendmail + MailScanner + SpamAssassin + Clamav. Won't cost you a cent and will take all bad stuff out as you instruct it to do.


3. Mail that makes it through the proxy should then be directed to the webmail server. It will be safe and clean.

From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Chris
Sent: Monday, August 01, 2011 11:47 AM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] Securing email by inhibiting urls

A company I work for has been having great difficulty in securing against email attacks. So far we have disabled access to webmail, implemented rules and processes to block freemail services like hotmail etc until the sender registers the address and of course a spam filter (BrightMail). Attachment filtering is pretty strict as well.

The threat that presents the biggest challenge is url links in emails. The common method of attack is an email from somedomain.com where they change one character or otherwise make the address look valid (ie: joe@xxxxxxxxxxxxxx<mailto:joe@xxxxxxxxxxxxxx> or j0e@xxxxxxxxxxxxxx<mailto:j0e@xxxxxxxxxxxxxx> etc).

I was looking for a way to spot and block hyperlinks but it looks like the only option I have is to filter on these and send them to a spam bin. I'd rather yank the offending hyperlink and replace it with a message of some sort. Unfortunately BrightMail doesn't offer that capability.

Any products that do this or ideas on a solution?

Thanks

--
This message has been scanned for viruses and dangerous
content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean.
MailScanner at Bandwidthco Computer Security<http://www.bandwidthco.com/> is for your absolute protection.

########################################################
This message has been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.

postmaster@xxxxxxxxxxxxxxx
MailScanner at Bandwidthco Computer Security is for your absolute protection.
########################################################

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: Hey
    ... Secure it, clean it, and that way you know you have done what you could... ... It contains advice ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Starting up problem
    ... It contains advice ... It may help speed up your system, but it should be clean ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: question about the new service pack 2
    ... It contains advice ... It may help speed up your system, but it should be clean ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.newusers)
  • Re: xp sp2
    ... Can I uninstall or fix this? ... > Windows XP, I suggest you clean up your system first. ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Clean Computer
    ... >> How to clean up Unwanted files & Programs? ... > simple maintenance tasks - think of it like changing the oil in your car, ... > using Windows XP "prettifications". ... > Why you should use a computer firewall.. ...
    (microsoft.public.windowsxp.perform_maintain)