Firewall Wizards mailing list archives
RE: Re: SMTP Proxies and Application Proxies for Lotus Domino
From: "Ben Nagy" <ben () iagu net>
Date: Tue, 10 Jun 2003 10:37:04 +0200
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Joseph Steinberg
[...]
Whale Communications offers a Lotus-specific proxy that provides numerous security functions including URL filtering, browser-side security, Air Gap isolation, and more. For more information please see: www.whalecommunications.com/lotus
Ah, the Air Gap. My favourite firewall snake oil. Actually, though, the article linked from that page (including a snazzy picture of Mr Steinberg) "Secure Remote Access to Domino" is a very good overview, if you cover your ears and go 'la la la la' when you get to the 'airgap' bits.
Message: 2 Reply-To: <bolesjb () yahoo com> From: "Jeff B" <bolesjb () yahoo com>
[...]
Proxying domino is a big unknown - anybody seen/done this, or have recommendations?
For Domino webstuff there are lots of nonobvious URLs and characters that you need to block. Litchfield did a good article which covers a lot of stuff, but it's a bit old, and I hope never to have to do Domino work again, so I haven't researched this for a while. http://www.nextgenss.com/papers/hpldws.pdf Essentially, the basic "put another domino server in the DMZ and replicate" architecture works sort of OK, but I'd be less happy with the "put a reverse proxy in front of the domino part of the important box" idea. The really critical thing is not to let the Internet talk on 1352 to your Notes box. I once played with a very simple mail relay that was COTS for NT4, but I forget the name now. :( The point is that there does exist a windoze solution that does nothing but simple SMTP relay. Jeff - clearly you know you should use a stripped open source box running qmail or postfix. Why not pay a local place to paint something red? ;) ben _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- SMTP Proxies and Application Proxies for Lotus Domino Jeff B (Jun 09)
- Re: SMTP Proxies and Application Proxies for Lotus Domino Bill Royds (Jun 09)
- <Possible follow-ups>
- Re: SMTP Proxies and Application Proxies for Lotus Domino Joseph Steinberg (Jun 09)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Domino Ben Nagy (Jun 10)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Domino Paul Robertson (Jun 10)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Domino Ben Nagy (Jun 10)