T.R | Title | User | Personal Name | Date | Lines |
---|
1725.1 | adding Mimesweeper | GALVIA::KEATING | | Tue Jan 21 1997 12:28 | 49 |
1725.2 | | QUICHE::PITT | Alph a ha is better than no VAX! | Wed Jan 22 1997 05:57 | 67 |
1725.3 | web scan | EEMELI::EINAMO | | Wed Jan 22 1997 06:56 | 5 |
1725.4 | restrict mail through gate/screend ? | TLAV02::RUDI | | Mon Jan 27 1997 22:52 | 11 |
| RE: .2 the part of "mimesweep as internal mailhub as far as FW
concerned" and "FW accepting outbound mail from only mimesweep"
I assume that with a gatekeeper -- gate -- mimesweeper setup, you can
configure screend on gate to allow SMTP traffic only between
mimesweeper and gatekeeper. No idea though how to restrict traffic from
any mail client/server to mimesweeper or any mailserver behind it.
Please correct me when I'm wrong.
rudi
|
1725.5 | | QUICHE::PITT | Alph a ha is better than no VAX! | Tue Jan 28 1997 04:32 | 6 |
| Re .4: You're right. If you have a gate machine, then you can use that to
restrict access to the smtp port on the firewall to be only from the mimesweeper
box. I don't think you have to do anything else - inbound all mail will be
given by the firewall to the designated mailhub anyway.
T
|
1725.6 | mimesweeper implementation plan based on NT ? | IJSAPL::VANHULST | | Tue Jan 28 1997 08:20 | 35 |
|
proposal of mimesweeper structure:
      Internet
         !
       router            NTsystem + Mimesweep
         !                       !
      --------red net -----------
                   !
              NT firewall
                   !
                router
                   !
      --------- blue net --------
All incoming smtp (mail) messages will be forwarded to the NT-server
running Mimesweeper either by the firewall or the external router?
After screening all smtp messages by mimesweeper, the smtp message
without any suspicious contents will be forwarded to the firewall ....
the firewall will accept only those smtp messages sent by the NT-sweep
system (IP address check and spoofing protected by the router)
AV firewall will forward those controlled messages to the blue net
Ingredients:
NT-system
Mimesweeper
Implementation effort (couple of days)
So the question will this work with our and AV NT-firewall has the flexibility to
do this kind of smtp routing ?
regards,
Henk
|
1725.7 | | QUICHE::PITT | Alph a ha is better than no VAX! | Tue Jan 28 1997 09:59 | 7 |
| The only installation I've done that had mimesweeper ran it on the internal
network. That way it was protected by the firewall. I feel this is a better
configuration than the one you've drawn up. After all, you can't actually stop
anyone sending their mail direct to your firewall, even if the MX records only
point to the Mimesweeper box.
T
|
1725.8 | put Mimesweeper behind AT LEAST a packet filter | ANNECY::CHATEL_M | | Thu Jan 30 1997 05:49 | 6 |
| Besides, the NT mimesweeper is probably a "standard" NT machine with
the "standard" security holes...
You don't want that facing the Net directly, I'd say...
Marc Chatel @ AEO
|
1725.9 | | NCMAIL::SMITHB | | Thu Jan 30 1997 12:12 | 4 |
| Would using the "% hack" be a way of making the mimesweeper box forward
mail to gatekeeper without scanning it?
Brad.
|
1725.10 | Router ACL's ? | UTRUST::HEEMSKERK | | Fri Jan 31 1997 09:36 | 17 |
| Can't we do anything with ACL's on the routers? (permit only traffic
with dest port 25 to the NT/MIMESweeper machine?)
Deny all the other destinations with port 25. Just a thought...
Tony:
An advantage of placing MIMESweeper outside of your LAN on the rednet,
is of course that only *trusted* mail enters your LAN. Local mail
wouldn't have to be tampered with (i.e. scanned for certain words
(go wash your mouth!)). Also mail sent to the internet is being scanned
for viruses/bad language etc. etc.
Just a thought...
Marco
|
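An added sketch, not part of any reply in this thread, modelling the filtering discussed in .4 to .10: the router ACL from .10, plus the firewall's source-address check and the router anti-spoofing rule mentioned in .6. The addresses (documentation ranges), the rule-tuple format and all function names are assumptions made for the example, and it models policy decisions only, not a real router or firewall.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses from documentation ranges; none appear in the thread.
SWEEPER, FIREWALL, OUTSIDE = "192.0.2.10", "192.0.2.1", "203.0.113.7"
ANY, SMTP = "0.0.0.0/0", 25

# External router, inbound from the Internet.
# Rule format (assumed): (action, source net, destination net, dest port or None = any)
ROUTER_ACL = [
    ("deny",   SWEEPER + "/32", ANY, None),   # anti-spoofing: red-net source arriving from outside
    ("permit", ANY, SWEEPER + "/32", SMTP),   # .10: port 25 only to the MIMEsweeper machine
    ("deny",   ANY, ANY, SMTP),               # .10: every other destination on port 25
    ("permit", ANY, ANY, None),               # non-SMTP policy is out of scope here
]
NO_ACL = [("permit", ANY, ANY, None)]         # router that filters nothing, for comparison

def first_match(acl, src, dst, dport):
    """Return the action of the first rule matching the packet (implicit deny at the end)."""
    for action, src_net, dst_net, port in acl:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port in (None, dport)):
            return action
    return "deny"

def firewall_accepts_smtp(src):
    """Firewall-side check from .5/.6: SMTP is accepted only from the scanning host."""
    return src == SWEEPER

def reaches_firewall_smtp(router_acl, claimed_src):
    """Would SMTP from the Internet with this claimed source pass both policy checks?"""
    return (first_match(router_acl, claimed_src, FIREWALL, SMTP) == "permit"
            and firewall_accepts_smtp(claimed_src))

if __name__ == "__main__":
    for name, acl in (("no router ACL", NO_ACL), ("router ACL", ROUTER_ACL)):
        for src in (OUTSIDE, SWEEPER):
            print(f"{name:14} claimed src {src:12} -> firewall:25 allowed =",
                  reaches_firewall_smtp(acl, src))
```

With no router ACL, the firewall's source check alone stops mail sent straight to it, but it has no way to tell a forged scanner address from the real one; the first router rule is what closes that gap.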
1725.11 | internal mail ?? | SNOFS1::NANCARROW | | Wed Feb 05 1997 01:54 | 14 |
| I do not understand why mimesweeper would scan internal mail if it
is not the mail hub itself; you would have to re-configure mail to go
through it rather than it scanning all internal mail.
Advantages of it being on the internal network should include
management supervision without opening a hole in the firewall and
ease of use.
My one concern would be the fact that the box would be receiving
the mail alarms from the firewall and would have to forward them on to
the mail hub and it would be a long path to its destination. Would
that cause a problem? The firewall tends to crash if the alarm queue
length gets too long in mail. Or conversely, can the firewall be told to
send its alarm mail to a node direct instead of the mail hub?
Mike N.
|