Firewall Wizards mailing list archives
Re: SMTP Proxies and Application Proxies for Lotus Domino
From: "Bill Royds" <Bill () royds net>
Date: Mon, 9 Jun 2003 19:41:57 -0400
Lotus Notes uses 1352/tcp to carry all of its traffic so it can be fairly easily carried through a firewall by opening a single port, but the only proxy I know of is the Domino server itself. A fairly simple design would be to have a server on your DMZ that talks Notes through your firewall to internal system and SMTP through a firewall to the Internet. The SMTP traffic can pass through something like McAfee MailShield before being converted to Notes format. For remote client access, the Notes server can talk to Notes clients on the Internet for message retrieval, with settings to force all connections to be encrypted and with multiple factors authentication (Notes ID, which is a PKI certificate, plus SecurID for example). Alternatively, you can the fact that Domino support SSL/TSL access to web retrieval for access with certificates. This does not require Notes client software for each user but limits somewhat the access to documents. There are several HTTP traffic normalizing systems available that can be put on the domino web server. They listen on port 80, nornalize and filter the traffic, then pass the traffic to the actual domino server on aniother port. Information Security Magazine had a review of several last year http://www.infosecuritymag.com/2002/may/bulletproof.shtml ----- Original Message ----- From: "Jeff B" <bolesjb () yahoo com> To: <firewall-wizards () honor icsalabs com> Sent: Sunday, June 08, 2003 6:56 PM Subject: [fw-wiz] SMTP Proxies and Application Proxies for Lotus Domino Group: I'm product hunting, and out of ideas. I'm looking for two things, and hoping somebody can make some recommendations. 1. In a current design, wouldn't mind implementing an mail proxy - at least SMTP gateway/relay, although Pop3 would be welcome also. Don't really need some complex do it all box - just looking for a standalone type component to isolate this function and fit into the current architecture which does most other stuff well. Need COTS product, opensource not possible. Interscan VirusWall is about the only thing I can find - don't need the virus layer, but might go that direction anyhow. 2. Looking for a inbound traffic web proxy, or even an 'url scan' type product, for a Lotus Domino system. Currently externally hosted front-end web page redirects links to apps on an AS400 domino box, which is on the inside network, and gets traffic NAT'd and passed through the FW (this box is also the SMTP box). Looking to get around this and put a 'proxy' of some type on the DMZ. Not my ideal solution for this architecture, but additional AS400 or Domino box for external apps is out of the question in the current budget year. Proxy of some type will likely make it a little better. Again, need COTS, opensource not possible. Proxying domino is a big unknown - anybody seen/done this, or have recommendations? Thanks, Jeff B. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- SMTP Proxies and Application Proxies for Lotus Domino Jeff B (Jun 09)
- Re: SMTP Proxies and Application Proxies for Lotus Domino Bill Royds (Jun 09)
- <Possible follow-ups>
- Re: SMTP Proxies and Application Proxies for Lotus Domino Joseph Steinberg (Jun 09)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Domino Ben Nagy (Jun 10)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Domino Paul Robertson (Jun 10)
- RE: Re: SMTP Proxies and Application Proxies for Lotus Domino Ben Nagy (Jun 10)