Security Basics mailing list archives

RE: open proxy

From: "J.P.A. Ernest" <security () joosternest nl>
Date: Thu, 3 Apr 2003 00:35:39 +0200

Hello all,

First of all, I would like to thank everyone for their responses. Today
I recieved the first message from our Dutch IPS that our external IP is
unblocked... A couple of other dbases to go...

As you al read in my first message, i'am not a security admin... the
problem is that I work part-time administring a network which I have not
build myself. But with all the suggestions handed to me I will talk to
my supervisors to tighten the security around our network.

Indeed, ISA-server is on my priority-list along with the rebuilding of
the internal network.

So, thanks for your input. I know I have a lot to learn about this
subject bij this mailinglist is a very good start!

Joost Ernest
The Netherlands

-----Original Message-----
From: Devdas Bhagat [mailto:dvb () users sourceforge net] 
Sent: dinsdag 1 april 2003 12:32
To: security-basics () securityfocus com
Subject: Re: open proxy

On 30/03/03 12:31 +0200, Joost Ernest wrote:

I have a question regarding to "open proxy". We are using Domino

server

as our mail server in a w2k server environment. A week ago we started

to

receive a-mail from a Dutch ISP dat our mailserver has been listed in

an

Open Proxy Database. As a result of this we can't send e-mail at

all... 
You have an open proxy on your network. Possibly ISA? Have the proxy
accept requests *only* from your ip block.
With squid (http://www.squid-cache.org), I would do:
acl mylan src 192.168.1.0/24 #This is the netblock for my local LAN
http_access allow mylan #Permit my LAN users to use squid
http_access deny all #Deny everyone

I have started to block some ports explicitly (135, 139, 443, 1080, 
etc..) I also read some articles about this subject in which was

written
First rule of firewalling: 
Block everything,
Open as needed.

that i should use Authentication for every user that wants tos end
E-mail. I know how to configure this in Exchange but i don't know how

can arrange this with Domino server.

You need to authenticate on the basis of IP addresses, or username
password pairs.

http://www.google.com/search?q=smtp+auth+domino

HTH
Devdas Bhagat


-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics




-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-security-basics

Current thread:

Re: open proxy James P. Schmidt (Apr 01)
- <Possible follow-ups>
- Re: open proxy Mel (Apr 01)
- Re: open proxy Michael Osten (Apr 01)
- open proxy nee cee (Apr 01)
- Re: open proxy Anders Reed Mohn (Apr 01)
- Re: open proxy Devdas Bhagat (Apr 01)
  - RE: open proxy J.P.A. Ernest (Apr 03)